EUVD-2024-47104

Malicious code in bioql PyPI...

Rockwell Automation ThinManager ThinServer

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Rockwell Automation Equipment : ThinManager ThinServer Vulnerabilities : Improper Privilege Management, Incorrect Permission Assignment for Critical Resource, Improper Input Validation 2...

CVE-2024-7987

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to...

CVE-2024-7988

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten...

CVE-2024-7986 Rockwell Automation ThinManager® ThinServer™ Information Disclosure

A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directo...

Rockwell Automation ThinManager ThinServer

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ThinManager ThinServer Vulnerabilities : Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker...

CVE-2024-5988

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™...

CVE-2024-5989

Rockwell Automation ThinManager ThinServer is affected by CVE-2024-5989 (improper input validation) enabling an unauthenticated threat actor to send a malicious message that could trigger SQL injection and remote code execution. Affects ThinManager ThinServer versions 11.1.x up to 11.1.0–11.1.8, ...

Rockwell Automation ThinManager ThinServer SD1677 Multiple Vulnerabilites

The version of Rockwell Automation ThinManager ThinServer installed on the remote host is 11.1.x prior to 11.1.8, 11.2.x prior to 11.2.9, 12.0.x prior to 12.0.7, 12.1.x prior to 12.1.8, 13.0.x prior to 13.0.5, 13.1.x prior to 13.1.3 or 13.2.x prior to 13.2.2. It is therefore, affected by mutliple...

PT-2024-8117 · Rockwell Automation · Rockwell Automation Thinmanager Thinserver

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ThinManager ThinServer affected versions not specified Description: A remote code execution issue exists in the Rockwell Automation ThinManager ThinServer, allowing a threat actor to execute arbitrary code with System...

CVE-2023-2914

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user...

Path traversal

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote...

CVE-2023-2917 Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote...

CVE-2023-2915 Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can...

PT-2023-4450 · Rockwell Automation · Thinmanager Thinserver

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Thinmanager Thinserver affected versions not specified Description: The issue is related to improper input validation, leading to a path traversal vulnerability when the ThinManager software processes a certain function...

Rockwell Automation ThinManager ThinServer

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ThinManager ThinServer Vulnerability : Relative Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote actor to leverage...

Rockwell Automation ThinManager

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerabilities: Path Traversal, Heap-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

Heap overflow

In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a...

CVE-2023-27856

In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed...

CVE-2023-27855

In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed...