Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

thinmanager_thinserver

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

5

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
5Vulnerabilities found
CVE-2024-7988
Assigner-Rockwell Automation
ShareView Details
Assigner-Rockwell Automation
CVSS Score-9.3||CRITICAL
EPSS-1.54% / 80.59%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 14:47
Updated-26 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-ThinManager® ThinServer™thinmanager_thinserver
CWE ID-CWE-20
Improper Input Validation
CVE-2024-7987
Assigner-Rockwell Automation
ShareView Details
Assigner-Rockwell Automation
CVSS Score-8.5||HIGH
EPSS-0.11% / 30.64%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 14:40
Updated-26 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to upload arbitrary files.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-ThinManager® ThinServer™thinmanager_thinserver
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-2917
Assigner-Rockwell Automation
ShareView Details
Assigner-Rockwell Automation
CVSS Score-9.8||CRITICAL
EPSS-35.10% / 96.90%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 15:10
Updated-08 Oct, 2024 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability.  Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed.  A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-thinmanager_thinserverThinManager ThinServerthinmanager_thinserver
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-2915
Assigner-Rockwell Automation
ShareView Details
Assigner-Rockwell Automation
CVSS Score-7.5||HIGH
EPSS-12.73% / 93.73%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 15:05
Updated-08 Oct, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-thinmanager_thinserverThinManager ThinServerthinmanager_thinserver
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-2914
Assigner-Rockwell Automation
ShareView Details
Assigner-Rockwell Automation
CVSS Score-7.5||HIGH
EPSS-24.16% / 95.85%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 15:01
Updated-08 Oct, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerabilitiy

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-thinmanager_thinserverThinManager ThinServerthinmanager_thinserver
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-190
Integer Overflow or Wraparound