Rockwell Automation ThinManager ThinServer v13.1.0.2630 Multiple Vulnerabilities
Aug. 17, 2023, 6:33 p.m. | Nick Miles
Tenable Research Advisories www.tenable.com
CVE-2023-2917 - Message 38 (SYNC_MSG_SEND_FILE_BACKGROUND) Path Traversal File Upload
A client message sent to a synchronization thread in ThinServer.exe has the following structure:
// be = big endian
struct header
{
    be16 type;   // msg type
    be16 flags;  // msg flags
                 // 0x0001 - request
                 // 0x0002 - response
                 // 0x0020 - final msg fragment?
                 // 0x8000 - ?
    be32 len;    // msg body length
};
struct msg
{
    header hdr;
    byte data[hdr.len]; …
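A defender-side decoder for the 8-byte header shown above, such as a traffic dissector might use to spot type-38 requests. This is an added example, not code from the Tenable advisory or from Rockwell. The function and class names, the 1 MiB length ceiling, the `unlisted-` label and the sample bytes are assumptions; the message body is treated as opaque because its layout is not shown on this page.

```python
import struct
from typing import List, NamedTuple, Tuple

HEADER = struct.Struct(">HHI")       # be16 type, be16 flags, be32 len
SYNC_MSG_SEND_FILE_BACKGROUND = 38   # message type named in CVE-2023-2917
FLAG_NAMES = {0x0001: "request", 0x0002: "response",
              0x0020: "final-fragment?", 0x8000: "0x8000-?"}
MAX_BODY = 1 << 20                   # assumed decoder ceiling, not a protocol constant


class SyncMsg(NamedTuple):
    type: int
    flags: int
    body: bytes                      # opaque: body layout is not shown on the page


def describe_flags(flags: int) -> List[str]:
    """Name the bits listed in the advisory; report any other set bits as hex."""
    names = [name for bit, name in FLAG_NAMES.items() if flags & bit]
    extra = flags & ~sum(FLAG_NAMES)  # keys are distinct single bits, so sum == mask
    return names + ([f"unlisted-{extra:#06x}"] if extra else [])


def parse_messages(buf: bytes) -> Tuple[List[SyncMsg], bytes]:
    """Split a reassembled client stream into (complete messages, leftover bytes)."""
    msgs, off = [], 0
    while len(buf) - off >= HEADER.size:
        mtype, flags, length = HEADER.unpack_from(buf, off)
        if length > MAX_BODY:
            raise ValueError(f"declared body length {length} exceeds decoder limit")
        end = off + HEADER.size + length
        if end > len(buf):
            break                    # body not fully captured yet; keep for next read
        msgs.append(SyncMsg(mtype, flags, buf[off + HEADER.size:end]))
        off = end
    return msgs, buf[off:]


def is_file_upload_request(msg: SyncMsg) -> bool:
    """True for a type-38 request, the message CVE-2023-2917 concerns."""
    return msg.type == SYNC_MSG_SEND_FILE_BACKGROUND and bool(msg.flags & 0x0001)


# Constructed sample: one type-38 request, one empty response, a truncated header.
SAMPLE = (HEADER.pack(38, 0x0021, 4) + b"\x00\x01\x02\x03"
          + HEADER.pack(5, 0x0002, 0) + b"\x00\x26\x00")

if __name__ == "__main__":
    for m in parse_messages(SAMPLE)[0]:
        print(m.type, describe_flags(m.flags), len(m.body), is_file_upload_request(m))
```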