Rockwell Automation ThinManager ThinServer Multiple Vulnerabilities
March 21, 2023, 11:55 a.m. | Nick Miles
Tenable Research Advisories www.tenable.com
There are multiple vulnerabilities in Rockwell Automation ThinManager ThinServer.exe.
Affected Versions:
- 6.x - 10.x
- 11.0.0 - 11.0.5
- 11.1.0 - 11.1.5
- 11.2.0 - 11.2.6
- 12.0.0 - 12.0.4
- 12.1.0 - 12.1.5
- 13.0.0 - 13.0.1
CVE-2023-27855 - ThinManager ThinServer Path Traversal Upload
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
A client message sent to a synchronization thread in ThinServer.exe has the following structure:
// be = big endian
struct header
{
    be16 type;  // msg type
    be16 flags; // msg flags
                // 0x0001 …