CVE-2023-27855 - OpenCVE

In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rockwellautomation	Thinmanager

Configuration 1 [-]

OR	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:::::::*
	cpe:2.3:a:rockwellautomation:thinmanager:13.0.1:::::::*

No data.

References

Link	Providers
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640

History

No history.

MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2023-03-21T23:48:11.750Z

Updated: 2024-08-02T12:23:29.345Z

Reserved: 2023-03-06T18:21:21.067Z

Link: CVE-2023-27855

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-03-22T00:15:12.670

Modified: 2023-11-07T04:10:19.720

Link: CVE-2023-27855

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-27855", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2023-03-06T18:21:21.067Z", "datePublished": "2023-03-21T23:48:11.750Z", "dateUpdated": "2024-08-02T12:23:29.345Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ThinManager ThinServer", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "6.x - 10.x"}, {"status": "affected", "version": "11.0.0 - 11.0.5"}, {"status": "affected", "version": "11.1.0 - 11.1.5"}, {"status": "affected", "version": "11.2.0 - 11.2.6"}, {"status": "affected", "version": "12.0.0 - 12.0.4"}, {"status": "affected", "version": "12.1.0 - 12.1.5"}, {"status": "affected", "version": "13.0.0 - 13.0.1"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Security researchers from Tenable reported this to Rockwell Automation."}], "datePublic": "2023-03-21T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution. </span>\n\n"}], "value": "\nIn affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution. \n\n"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2023-03-22T00:01:41.197Z"}, "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.</span><br>"}], "value": "\nCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Rockwell Automation ThinManager ThinServer Path Traversal Upload", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:23:29.345Z"}, "title": "CVE Program Container", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3690F79-0AB9-4FBA-BCF0-BCCCF00EFD31", "versionEndIncluding": "10.0.2", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "68D1B6ED-F052-4CAC-80B0-614AF4FA5455", "versionEndIncluding": "11.0.5", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8066DE9-ACFA-42F9-AC88-08FB8ACC745E", "versionEndIncluding": "11.1.5", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADF30A13-51AD-479B-B0C4-462C059D511B", "versionEndIncluding": "11.2.6", "versionStartIncluding": "11.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A809366-5838-445A-8034-787551292BA7", "versionEndIncluding": "12.0.4", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDC56DD9-44E6-45C0-82F1-0D9EAA2343BC", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7FA8090-F7EB-4C5D-AD9D-7D82F34F34D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:13.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0486F851-53AC-41C5-9ECE-1EA2DB1D3FAC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nIn affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution. \n\n"}], "id": "CVE-2023-27855", "lastModified": "2023-11-07T04:10:19.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2023-03-22T00:15:12.670", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}