CVE-2022-38742
published 2022-09-23

Priority: P269 (critical)
CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 21.83% (97.3th percentile)

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | thinmanager_thinserver | 11.0.0 – 13.0.0 | |
| rockwellautomation | thinmanager | 11.0.0 – 13.0.0 | |

Detection & IOCs (extracted from sources)

  • Detect specifically crafted TFTP or HTTPS requests targeting ThinManager ThinServer, which trigger a heap-based buffer overflow crashing the ThinServer process
  • Monitor ThinManager TFTP and HTTPS ports for inbound connections from endpoints that are NOT ThinManager-managed thin clients, as these are the attack vectors
  • Alert on unexpected crashes or restarts of the ThinServer process, which may indicate exploitation attempts of the heap-based buffer overflow
  • Attack complexity is rated HIGH (AC:H in CVSS vector), meaning exploitation requires specific conditions to be met; not trivially exploitable
  • No known public exploits specifically target this vulnerability at time of advisory publication