CVE-2023-2913
Published 2023-07-18
Priority P3 · 42 · medium · 6.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.27% (66.1 percentile)
An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server's file system and read arbitrary files stored in it. A remote user could exploit this vulnerability by sending a request whose path contains manipulated traversal sequences. Because the API feature is off by default, exposure depends on whether it has been switched on in the HTTPS Server Settings; checking that setting is the first triage step.
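The description names the weakness class (CWE-22, relative path traversal in a file-reading HTTPS API) but not the endpoint or the served directory. The following is an added illustration, not ThinServer code: a naive resolver that exhibits the CWE-22 pattern next to a hardened one that decodes before checking, unifies Windows and POSIX separators, and tests containment on the normalized path. The root directory and the probe paths are assumptions chosen for the example.

```python
import posixpath
import urllib.parse
from typing import Optional

# Hypothetical served-files root for the API. The advisory does not name the
# real directory, so this value is an assumption for illustration only.
FILES_ROOT = "/srv/thinserver/api/files"


def vulnerable_resolve(root: str, requested: str) -> str:
    """The CWE-22 pattern: the request path is glued onto the root unchecked.
    Once the web layer has percent-decoded the request, any '../' walks out of
    root and the file is read with the server's own file-system privileges."""
    return root.rstrip("/") + "/" + requested


def _decode_fully(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded '..' (%252e%252e) is caught."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def hardened_resolve(root: str, requested: str) -> Optional[str]:
    """Return the on-disk path for `requested`, or None if it would escape `root`.

    Order matters: decode first, then normalize, then check. Checking the raw
    string for '..' misses encoded and backslash variants."""
    decoded = _decode_fully(requested)
    if "\x00" in decoded:                 # NUL truncation tricks
        return None
    decoded = decoded.replace("\\", "/")  # '..\\' is traversal on a Windows host
    if ":" in decoded:                    # drive letters such as C:\
        return None
    relative = decoded.lstrip("/")        # every request is relative to root
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, relative))
    # Containment: the candidate must live strictly below root. Requesting the
    # root itself is rejected because the API is meant to serve files, not list it.
    if not candidate.startswith(root_norm + "/"):
        return None
    return candidate


if __name__ == "__main__":
    probes = [
        "reports/today.txt",
        "../../../../etc/passwd",
        "%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
        "%252e%252e/%252e%252e/boot.ini",
        "..%5c..%5cwindows%5cwin.ini",
    ]
    for p in probes:
        naive = posixpath.normpath(vulnerable_resolve(FILES_ROOT, p))
        print(f"{p!r:45} naive={naive!r:45} hardened={hardened_resolve(FILES_ROOT, p)!r}")
```

The naive resolver only looks dangerous once the path has been decoded, which is exactly what an HTTP server does before handing the path to application code; that is why the hardened version decodes repeatedly itself rather than trusting the caller. A leading slash is treated as relative to the root instead of being rejected, so a request for `/etc/passwd` resolves inside the served directory rather than to the system file.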
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | thinmanager_thinserver | — | — |
| rockwell_automation | thinmanager_thinserver | — | — |
| rockwellautomation | thinmanager | 13.0.0 – 13.0.2 | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| vendor_redhat | 5.5 | MEDIUM | — |
The CISA ICS advisory below rates the same issue 7.5 (HIGH); the vector behind that score is not reproduced on this page.
CISA ICS
## Rockwell Automation ThinManager ThinServer
ICS Advisory · cisa_ics · 2023-07-25 · CVSS 7.5 [HIGH]
Release Date: July 25, 2023
Alert Code: ICSA-23-206-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: ThinManager ThinServer
- Vulnerability: Relative Path Traversal
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote actor to leverage the privileges of the server’s file system and read arbitrary files stored in it.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Rockwell Automation reports this vulnerability affects the following versions of ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software:
- ThinManager ThinServer: version
GHSA
GHSA-w54w-3cc4-mvrq (ghsa_unreviewed · 2023-07-18): CVE-2023-2913 [MEDIUM] CWE-22, "An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings"
No detection rules found.
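With no published detection rule for this CVE, the practical fallback is to hunt for traversal sequences in the HTTPS server's access log while the API feature is enabled. The block below is an added example, not a rule from the page or from Rockwell: it parses constructed Common Log Format lines (the real ThinServer log layout and the `/api/files/` prefix are assumptions), decodes each request path twice so single- and double-encoded dot-dot segments are both visible, and flags only dot-dot segments bounded by separators so a legitimate name like `2023..07` is not reported.

```python
import re
import urllib.parse
from typing import List

# Constructed sample access log in Common Log Format. The ThinServer log format
# and the /api/files/ endpoint are assumptions made for this example.
SAMPLE_LOG = """\
10.0.0.5 - - [25/Jul/2023:10:01:02 +0000] "GET /api/files/reports/today.txt HTTP/1.1" 200 512
10.0.0.7 - - [25/Jul/2023:10:01:09 +0000] "GET /api/files/../../../../windows/win.ini HTTP/1.1" 200 403
10.0.0.7 - - [25/Jul/2023:10:01:11 +0000] "GET /api/files/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1430
10.0.0.7 - - [25/Jul/2023:10:01:14 +0000] "GET /api/files/..%5c..%5cProgramData%5cconfig.ini HTTP/1.1" 404 0
10.0.0.7 - - [25/Jul/2023:10:01:20 +0000] "GET /api/files/%252e%252e%252f%252e%252e%252fboot.ini HTTP/1.1" 200 299
10.0.0.9 - - [25/Jul/2023:10:02:00 +0000] "GET /api/files/archive/2023..07/report.txt HTTP/1.1" 200 7000
"""

# Common Log Format: client, identd, user, [timestamp], "METHOD PATH PROTO", status, size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

# A '..' segment bounded by a separator (or path edge) on both sides. Matches
# '/../', '/..\' and a trailing '/..' after decoding, but not '2023..07'.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def decode_path(path: str) -> str:
    """Decode twice: once for ordinary encoding, again for %25-prefixed double encoding."""
    return urllib.parse.unquote(urllib.parse.unquote(path))


def find_traversal(log_text: str) -> List[dict]:
    """Return one record per request whose decoded path contains a traversal segment."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        decoded = decode_path(m["path"])
        if TRAVERSAL_RE.search(decoded):
            hits.append({
                "src": m["src"],
                "ts": m["ts"],
                "status": m["status"],
                "raw": m["path"],
                "decoded": decoded,
                # A 200 on a traversal path is the record that matters: the
                # server found and served something outside its directory.
                "likely_success": m["status"] == "200",
            })
    return hits


def sources_with_success(hits: List[dict]) -> List[str]:
    """Client addresses that got at least one 200 back on a traversal request."""
    return sorted({h["src"] for h in hits if h["likely_success"]})


if __name__ == "__main__":
    for h in find_traversal(SAMPLE_LOG):
        flag = "SERVED" if h["likely_success"] else "denied"
        print(f'{h["ts"]} {h["src"]} {flag:6} {h["raw"]} -> {h["decoded"]}')
    print("sources to investigate:", sources_with_success(find_traversal(SAMPLE_LOG)))
```

Status code is the pivot for triage: a 404 on a traversal path shows probing, a 200 shows a file was read and the response size hints at which one. Pair the log search with a check of whether the API feature is actually enabled, since the advisory states it is off by default and the flaw is only reachable when it is on.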
Published: 2023-07-18