PT-2023-4445 · Rockwell Automation · Thinmanager

Published: 2023-08-17 · Updated: 2025-06-09 · CVE-2023-2917

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Rockwell Automation ThinManager ThinServer (affected versions not specified)

Description

The issue stems from insufficient input validation in the ThinServer component of the Rockwell Automation ThinManager platform, which potentially allows a remote attacker to execute arbitrary code. Specifically, a path traversal vulnerability exists via the filename field when ThinManager processes a certain function, enabling an unauthenticated remote attacker to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. Exploitation can occur by sending a crafted synchronization protocol message, potentially leading to remote code execution.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-04836
CVE-2023-2917

Affected Products

Thinmanager