PT-2023-22163 · Rockwell Automation · Rockwell Automation Thinmanager Thinserver
Sven Krewitt
·
Published
2023-07-18
·
Updated
2023-07-27
·
CVE-2023-2913
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Rockwell Automation ThinManager ThinServer (affected versions not specified)
Description
A path traversal issue exists in the HTTPS Server Settings API feature of Rockwell Automation ThinManager ThinServer. This feature is disabled by default but can be enabled. When enabled, it allows a remote actor to leverage the server's file system privileges and read arbitrary files. The issue can be exploited by manipulating variables in the path.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Relative Path Traversal
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Rockwell Automation Thinmanager Thinserver