PT-2023-22163 · Rockwell Automation · Rockwell Automation Thinmanager Thinserver

Sven Krewitt

Publicado

2023-07-18

Atualizado

2023-07-27

CVE-2023-2913

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Rockwell Automation ThinManager ThinServer (affected versions not specified)

Description A path traversal issue exists in the HTTPS Server Settings API feature of Rockwell Automation ThinManager ThinServer. This feature is disabled by default but can be enabled. When enabled, it allows a remote actor to leverage the server's file system privileges and read arbitrary files. The issue can be exploited by manipulating variables in the path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Relative Path Traversal

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-23CWE-22

Identificadores relacionados

BDU:2025-05641

CVE-2023-2913

Produtos afetados

Rockwell Automation Thinmanager Thinserver

PT-2023-22163 · Rockwell Automation · Rockwell Automation Thinmanager Thinserver

CVE-2023-2913

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7