RockwellCVELIST:CVE-2023-2915CVE-2023-2915 Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.1%
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.2.6"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.6"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.7"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.5"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.6"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
]Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.1%