First published: Wed Mar 22 2023
In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.
Credit: PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwell Automation ThinManager | >=6.0.0, <=10.0.2 | |
| Rockwell Automation ThinManager | >=11.0.0, <=11.0.5 | |
| Rockwell Automation ThinManager | >=11.1.0, <=11.1.5 | |
| Rockwell Automation ThinManager | >=11.2.0, <=11.2.6 | |
| Rockwell Automation ThinManager | >=12.0.0, <=12.0.4 | |
| Rockwell Automation ThinManager | >=12.1.0, <=12.1.5 | |
| Rockwell Automation ThinManager | =13.0.0 | |
| Rockwell Automation ThinManager | =13.0.1 | |
CVE-2023-27855 is a path traversal vulnerability in Rockwell Automation's ThinManager ThinServer.
CVE-2023-27855 allows an unauthenticated remote attacker to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed.
CVE-2023-27855 has a severity rating of critical with a score of 9.8 out of 10.
CVE-2023-27855 affects Rockwell Automation ThinManager versions 6.0.0 to 10.0.2, 11.0.0 to 11.0.5, 11.1.0 to 11.1.5, 11.2.0 to 11.2.6, 12.0.0 to 12.0.4, 12.1.0 to 12.1.5, 13.0.0, and 13.0.1.
To fix CVE-2023-27855, it is recommended to update Rockwell Automation ThinManager to a version that is not affected by the vulnerability.
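The defect class described above is a file-write path built from a client-supplied name without confining it to the intended directory. The following is an added illustration, not ThinServer code or a Rockwell Automation fix: it contrasts the vulnerable join-and-write pattern with a containment check, modelling Windows path semantics through Python's `ntpath` so it runs on any host. `INSTALL_DIR` and the sample names are constructed for the example and are not taken from the advisory.

```python
import ntpath
from typing import Optional

# Constructed example root; not a path stated in the advisory.
INSTALL_DIR = r"C:\Program Files\Rockwell Software\ThinManager"


def naive_target_path(upload_root: str, requested_name: str) -> str:
    """Vulnerable pattern: the client-supplied name is joined onto the
    root and used as-is. '..' segments, rooted names ('\\Windows\\x')
    and drive-qualified names ('C:\\x') all leave the root, so any file
    on the installation drive can be written or overwritten."""
    return ntpath.normpath(ntpath.join(upload_root, requested_name))


def safe_target_path(upload_root: str, requested_name: str) -> Optional[str]:
    """Hardened pattern: canonicalise, then require the result to sit
    strictly beneath the root. Returns None when the name must be refused."""
    root = ntpath.normpath(upload_root)
    # Absolute, drive-relative ('D:x') and UNC names were never relative
    # to the root; refuse them before joining.
    if ntpath.isabs(requested_name) or ntpath.splitdrive(requested_name)[0]:
        return None
    # ':' also introduces NTFS alternate data streams (file.exe:stream).
    if ":" in requested_name:
        return None
    candidate = ntpath.normpath(ntpath.join(root, requested_name))
    # Compare case-insensitively (Windows filesystems) and against
    # root + separator, so a sibling such as 'ThinManagerBackup' is not
    # mistaken for a child of 'ThinManager'. Equality with the root
    # itself is also rejected: an upload must name a file inside it.
    root_cmp = ntpath.normcase(root)
    cand_cmp = ntpath.normcase(candidate)
    if not cand_cmp.startswith(root_cmp + ntpath.sep):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample names: one legitimate, the rest escape attempts.
    for name in ("firmware\\image.bin",
                 "..\\..\\..\\Windows\\System32\\evil.exe",
                 "\\Windows\\evil.exe",
                 "C:\\Windows\\evil.exe",
                 "..\\ThinManagerBackup\\x.bin"):
        print(f"{name!r:45} naive={naive_target_path(INSTALL_DIR, name)!r}"
              f" safe={safe_target_path(INSTALL_DIR, name)!r}")
```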