CVE-2023-27856

CVSS V2: None
CVSS V3: None
Description
In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.
Overview
  • CVE ID: CVE-2023-27856
  • Assigner: PSIRT@rockwellautomation.com
  • Vulnerability Status: Analyzed
  • Published Version: 2023-03-22T00:15:12
  • Last Modified Date: 2023-03-24T20:44:52
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* | 1 | OR | 6.0.0 | 10.0.2 |
| cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* | 1 | OR | 11.0.0 | 11.0.5 |
| cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* | 1 | OR | 11.1.0 | 11.1.5 |
| cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* | 1 | OR | 11.2.0 | 11.2.6 |
| cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* | 1 | OR | 12.0.0 | 12.0.4 |
| cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* | 1 | OR | 12.1.0 | 12.1.5 |
| cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:rockwellautomation:thinmanager:13.0.1:*:*:*:*:*:*:* | 1 | OR | | |
References
| Reference URL | Reference Tags |
|---|---|
| https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640 | Permissions Required, Vendor Advisory |
History
Created Old Value New Value Data Type Notes
2023-04-17 03:05:12 Added to TrackCVE
2023-04-17 03:05:16 Weakness Enumeration new