Lucene search
RockwellCVELIST:CVE-2023-27856HistoryMar 21, 2023 - 11:55 p.m.
CVE-2023-27856 Rockwell Automation ThinManager ThinServer Path Traversal Download
2023-03-2123:55:23
CWE-22
Rockwell
www.cve.org
2
cve-2023-27856
rockwell automation
thinmanager
thinserver
path traversal
download
remote attacker
arbitrary files
disk drive
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
35.3%
In affected versions, path traversal exists when processing a message of type 8
in Rockwell Automation’s ThinManager ThinServer.
An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "6.x - 10.x"
},
{
"status": "affected",
"version": "11.0.0 - 11.0.5"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.5"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.6"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.4"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.5"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.1"
}
]
}
]Related
prion
prion
Path traversal
2023-03-22 00:15:00
cve
cve
CVE-2023-27856
2023-03-22 00:15:12
cnvd
cnvd
nvd
nvd
CVE-2023-27856
2023-03-22 00:15:12
ics
ics
Rockwell Automation ThinManager
2023-03-21 12:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
35.3%
Related for CVELIST:CVE-2023-27856