PT-2023-4450 · Rockwell Automation · ThinManager ThinServer

Published: 2023-08-17 · Updated: 2023-08-23 · CVE-2023-2915

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ThinManager ThinServer (affected versions not specified)

Description: The vulnerability stems from improper input validation that results in path traversal when the ThinManager software processes a certain function. An unauthenticated remote threat actor can trigger it by sending a specifically crafted synchronization protocol message, which allows deletion of arbitrary files with system privileges and results in a denial-of-service condition.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Tags: RCE, Path traversal

Weakness Enumeration

Related Identifiers
BDU:2023-04844
CVE-2023-2915

Affected Products
ThinManager ThinServer