CVE-2022-38742
published 2022-09-23CVE-2022-38742: Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically…
PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
21.83%
97.3th percentile
Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | thinmanager_thinserver | 11.0.0 – 13.0.0 | — |
| rockwellautomation | thinmanager | 11.0.0 – 13.0.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect specifically crafted TFTP or HTTPS requests targeting ThinManager ThinServer, which trigger a heap-based buffer overflow crashing the ThinServer process ↗
- →Monitor ThinManager TFTP and HTTPS ports for inbound connections from endpoints that are NOT ThinManager-managed thin clients, as these are the attack vectors ↗
- →Alert on unexpected crashes or restarts of the ThinServer process, which may indicate exploitation attempts of the heap-based buffer overflow ↗
- ·Attack complexity is rated HIGH (AC:H in CVSS vector), meaning exploitation requires specific conditions to be met; not trivially exploitable ↗
- ·No known public exploits specifically target this vulnerability at time of advisory publication ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Rockwell Automation ThinManager ThinServer
cisa_ics·2022-09-27·CVSS 8.1
[HIGH] Rockwell Automation ThinManager ThinServer
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Rockwell Automation ThinManager ThinServer
Last RevisedSeptember 27, 2022
Alert CodeICSA-22-270-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.1
- ATTENTION: Exploitable remotely
- Vendor: Rockwell Automation
- Equipment: ThinManager ThinServer
- Vulnerability: Heap-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to the software crashing; a buffer overflow condition may allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Rockwell Automation reports this vulnerability affects the following versions of
GHSA
GHSA-rvg5-w7ph-h5wx: Rockwell Automation ThinManager ThinServer versions 11
ghsa_unreviewed·2022-09-25
CVE-2022-38742 [CRITICAL] CWE-787 GHSA-rvg5-w7ph-h5wx: Rockwell Automation ThinManager ThinServer versions 11
Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-09-23
Published