all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Rockwell Automation ThinManager ThinServer v13.1.0.2630 Multiple Vulnerabilities

Add to bookmarks
Aug. 17, 2023, 6:33 p.m. | Nick Miles

Tenable Research Advisories www.tenable.com

Rockwell Automation ThinManager ThinServer v13.1.0.2630 Multiple Vulnerabilities

CVE-2023-2917 - Message 38 (SYNC_MSG_SEND_FILE_BACKGROUND) Path Traversal File Upload



A client message sent to a synchronization thread in ThinServer.exe has the following structure:



// be = big endian
struct header
{
   be16 type;  // msg type
   be16 flags; // msg flags
               // 0x0001 - request
               // 0x0002 - response
               // 0x0020 - final msg fragment?
               // 0x8000 - ?
   be32 len;   // msg body length
};
struct msg
{
   header hdr; 
   byte data[hdr.len]; …

automation big client cve file file upload header message msg path path traversal request rockwell rockwell automation synchronization upload vulnerabilities

Visit resource

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 1 week, 5 days ago | www.tenable.com
app application exploitation management +9
Karros Technologies Authentication Bypass 1 week, 5 days ago | www.tenable.com
authentication authentication bypass bypass technologies
Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 2 weeks ago | www.tenable.com
avalanche big buffer buffer overflow +12
Path Traversal Affecting Multiple CData Products 3 weeks, 5 days ago | www.tenable.com
application attachment cookie date +14
LG LED Assistant v2.1.65 Multiple Vulnerabilities 1 month ago | www.tenable.com
assistant led vulnerabilities
Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 2 weeks ago | www.tenable.com
arcserve data data protection protection +1
Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 3 weeks ago | www.tenable.com
analytics azure azure synapse caching +8
Showdownjs Denial of Service 2 months ago | www.tenable.com
can command concept conditions +17
Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 2 weeks ago | www.tenable.com
accesstoken admin adobe authentication +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Premium Hub - CoE: Business Process Senior Consultant, SAP Security Role and Authorisations & GRC

@ SAP | Dublin 24, IE, D24WA02
View on infosec-jobs.com

Product Security Response Engineer

@ Intel | CRI - Belen, Heredia
View on infosec-jobs.com

Application Security Architect

@ Uni Systems | Brussels, Brussels, Belgium
View on infosec-jobs.com

Sr Product Security Engineer

@ ServiceNow | Hyderabad, India
View on infosec-jobs.com

Analyst, Cybersecurity & Technology (Initial Application Deadline May 20th, Final Deadline May 31st)

@ FiscalNote | United Kingdom (UK)
View on infosec-jobs.com
View more jobs