CVE-2023-27856 - Vulnerability Details - OpenCVE

In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rockwellautomation	Thinmanager

Configuration 1 [-]

OR	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:::::::*
	cpe:2.3:a:rockwellautomation:thinmanager:13.0.1:::::::*

No data.

References

Link	Providers
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640

History

No history.

MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2023-03-21T23:55:23.665Z

Updated: 2024-08-02T12:23:30.592Z

Reserved: 2023-03-06T18:21:21.067Z

Link: CVE-2023-27856

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-03-22T00:15:12.810

Modified: 2024-11-21T07:53:35.160

Link: CVE-2023-27856

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-27856", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2023-03-06T18:21:21.067Z", "datePublished": "2023-03-21T23:55:23.665Z", "dateUpdated": "2024-08-02T12:23:30.592Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ThinManager ThinServer", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "6.x - 10.x"}, {"status": "affected", "version": "11.0.0 - 11.0.5"}, {"status": "affected", "version": "11.1.0 - 11.1.5"}, {"status": "affected", "version": "11.2.0 - 11.2.6"}, {"status": "affected", "version": "12.0.0 - 12.0.4"}, {"status": "affected", "version": "12.1.0 - 12.1.5"}, {"status": "affected", "version": "13.0.0 - 13.0.1"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Security researchers from Tenable reported this to Rockwell Automation."}], "datePublic": "2023-03-21T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">In affected versions, path traversal exists when processing a message of type 8</span>\n\n in Rockwell Automation's ThinManager ThinServer. \n\n<span style=\"background-color: rgb(255, 255, 255);\">An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.</span>\n\n </span>\n\n"}], "value": "\n\n\nIn affected versions, path traversal exists when processing a message of type 8\n\n in Rockwell Automation's ThinManager ThinServer. \n\nAn unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.\n\n \n\n"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2023-03-22T00:02:03.568Z"}, "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.</span><br>"}], "value": "\nCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Rockwell Automation ThinManager ThinServer Path Traversal Download", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:23:30.592Z"}, "title": "CVE Program Container", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3690F79-0AB9-4FBA-BCF0-BCCCF00EFD31", "versionEndIncluding": "10.0.2", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "68D1B6ED-F052-4CAC-80B0-614AF4FA5455", "versionEndIncluding": "11.0.5", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8066DE9-ACFA-42F9-AC88-08FB8ACC745E", "versionEndIncluding": "11.1.5", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADF30A13-51AD-479B-B0C4-462C059D511B", "versionEndIncluding": "11.2.6", "versionStartIncluding": "11.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A809366-5838-445A-8034-787551292BA7", "versionEndIncluding": "12.0.4", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDC56DD9-44E6-45C0-82F1-0D9EAA2343BC", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7FA8090-F7EB-4C5D-AD9D-7D82F34F34D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:13.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0486F851-53AC-41C5-9ECE-1EA2DB1D3FAC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\n\n\nIn affected versions, path traversal exists when processing a message of type 8\n\n in Rockwell Automation's ThinManager ThinServer. \n\nAn unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.\n\n \n\n"}], "id": "CVE-2023-27856", "lastModified": "2024-11-21T07:53:35.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-22T00:15:12.810", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}