CVE-2023-2917: Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
First published: Thu Aug 17 2023(Updated: )
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.
Credit: PSIRT@rockwellautomation.com PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| >=11.0.0<=11.0.6 | ||
| >=11.1.0<=11.1.6 | ||
| >=11.2.0<=11.2.7 | ||
| >=12.0.0<=12.0.5 | ||
| >=12.1.0<=12.1.6 | ||
| >=13.0.0<=13.0.2 | ||
| =13.1.0 | ||
| Rockwellautomation Thinmanager Thinserver | >=11.0.0<=11.0.6 | |
| Rockwellautomation Thinmanager Thinserver | >=11.1.0<=11.1.6 | |
| Rockwellautomation Thinmanager Thinserver | >=11.2.0<=11.2.7 | |
| Rockwellautomation Thinmanager Thinserver | >=12.0.0<=12.0.5 | |
| Rockwellautomation Thinmanager Thinserver | >=12.1.0<=12.1.6 | |
| Rockwellautomation Thinmanager Thinserver | >=13.0.0<=13.0.2 | |
| Rockwellautomation Thinmanager Thinserver | =13.1.0 |
Remedy
* Update to the corrected software versions. * Limit remote access for TCP Port 2031 to known thin clients and ThinManager servers.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this threat?
The vulnerability ID of this threat is CVE-2023-2917.
What is the severity level of CVE-2023-2917?
CVE-2023-2917 has a severity level of critical.
Which software versions are affected by CVE-2023-2917?
CVE-2023-2917 affects versions 11.0.0 to 11.0.6, 11.1.0 to 11.1.6, 11.2.0 to 11.2.7, 12.0.0 to 12.0.5, 12.1.0 to 12.1.6, 13.0.0 to 13.0.2, and 13.1.0 of Rockwell Automation Thinmanager Thinserver.
What is the vulnerability description of CVE-2023-2917?
CVE-2023-2917 is an improper input validation vulnerability in Rockwell Automation Thinmanager Thinserver, allowing remote attackers to perform path traversal via the filename field.
Is authentication required to exploit CVE-2023-2917?
No, CVE-2023-2917 can be exploited by unauthenticated remote attackers.
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/weakness
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/rockwellautomation
- canonical/rockwellautomation thinmanager thinserver
- version/rockwellautomation thinmanager thinserver/11.0.0
- version/rockwellautomation thinmanager thinserver/11.0.6
- version/rockwellautomation thinmanager thinserver/11.1.0
- version/rockwellautomation thinmanager thinserver/11.1.6
- version/rockwellautomation thinmanager thinserver/11.2.0
- version/rockwellautomation thinmanager thinserver/11.2.7
- version/rockwellautomation thinmanager thinserver/12.0.0
- version/rockwellautomation thinmanager thinserver/12.0.5
- version/rockwellautomation thinmanager thinserver/12.1.0
- version/rockwellautomation thinmanager thinserver/12.1.6
- version/rockwellautomation thinmanager thinserver/13.0.0
- version/rockwellautomation thinmanager thinserver/13.0.2
- version/rockwellautomation thinmanager thinserver/13.1.0