PT-2023-21376 · Rockwell Automation · Thinmanager Thinserver

Security Researchers

Publicado

2023-03-21

Atualizado

2025-06-09

CVE-2023-27856

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Rockwell Automation's ThinManager ThinServer (affected versions not specified)

Description Path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this issue to download arbitrary files on the disk drive where ThinServer.exe is installed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

BDU:2025-05640

CVE-2023-27856

Produtos afetados

Thinmanager Thinserver

PT-2023-21376 · Rockwell Automation · Thinmanager Thinserver

CVE-2023-27856

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8