PT-2023-21376 · Rockwell Automation · Thinmanager Thinserver

Security Researchers

Published

2023-03-21

Updated

2025-06-09

CVE-2023-27856

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Rockwell Automation's ThinManager ThinServer (affected versions not specified)

Description Path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this issue to download arbitrary files on the disk drive where ThinServer.exe is installed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2025-05640

CVE-2023-27856

Affected Products

Thinmanager Thinserver

PT-2023-21376 · Rockwell Automation · Thinmanager Thinserver

CVE-2023-27856

Weakness Enumeration

Related Identifiers

Affected Products

References · 8