CISA Releases Three Industrial Control Systems Advisories
CISA has released three (3) Industrial Control Systems (ICS) advisories on September 27th, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisori...
Rockwell Automation ThinManager ThinServer
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the software crashing; a buffer overflow...
CVE-2022-38742
Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could...
Heap overflow
Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could...
CVE-2022-38742
CVE-2022-38742 affects Rockwell Automation’s ThinManager ThinServer. A heap-based buffer overflow exists in the handling of certain TFTP/HTTPS requests, potentially crashing ThinServer and enabling arbitrary remote code execution. Affected versions include ThinServer 11.0.0 through 13.0.0 (per C...
CVE-2022-38742 Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack
Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could...
Rockwell Automation ThinManager Buffer Error Vulnerability
Rockwell Automation ThinManager is a thin client management software from Rockwell Automation. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A security vulnerability exists in Rockwell Automation ThinManager versions 11.0.0 through 13.0.0, which stems fr...
PT-2022-4894 · Rockwell Automation · Thinkserver +1
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ThinManager ThinServer versions 11.0.0 through 13.0.0 Description: The issue is related to a heap-based buffer overflow in the ThinServer component of Rockwell Automation ThinManager. This can be exploited by sending a...
(0Day) Rockwell Automation FactoryTalk RNADiagnosticsSrv Deserialization Of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RNADiagnosticsSrv endpoint, which listens on TCP port 8082 by defaul...