cvebase

Rockwell Automation ThinManager ThinServer vulnerabilities

5 known vulnerabilities affecting rockwellautomation/thinmanager_thinserver.

Total CVEs: 5
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 2

Vulnerabilities

CVE-2023-2917 | P1 | CRITICAL | CVSS 9.8 | PoC | CWE-20 | 2023-08-17
Affected versions: ≥ 11.0.0, ≤ 11.0.6; ≥ 11.1.0, ≤ 11.1.6; +5 more
The Rockwell Automation ThinManager ThinServer is impacted by an improper input validation vulnerability. Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on
Source: nvd

CVE-2023-2915 | P1 | CRITICAL | CVSS 9.1 | PoC | CWE-20 | 2023-08-17
Affected versions: ≥ 11.0.0, ≤ 11.0.6; ≥ 11.1.0, ≤ 11.1.6; +5 more
The Rockwell Automation ThinManager ThinServer is impacted by an improper input validation vulnerability. Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A maliciou
Source: nvd

CVE-2024-7988 | P2 | CRITICAL | CVSS 9.8 | CWE-20 | 2024-08-26
Affected versions: ≥ 11.1.0, < 11.1.8; ≥ 11.2.0, < 11.2.9; +5 more
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten.
Source: nvd

CVE-2023-2914 | P3 | HIGH | CVSS 7.5 | CWE-20 | 2023-08-17
Affected versions: ≥ 11.0.0, ≤ 11.0.6; ≥ 11.1.0, ≤ 11.1.6; +5 more
The Rockwell Automation ThinManager ThinServer is impacted by an improper input validation vulnerability. An integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchro
Source: nvd

CVE-2024-7987 | P3 | HIGH | CVSS 7.8 | CWE-434 | 2024-08-26
Affected versions: ≥ 11.1.0, < 11.1.8; ≥ 11.2.0, < 11.2.9; +5 more
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability, a threat actor must abuse the ThinServer™ service by creating a junction and using it to upload arbitrary files.
Source: nvd