CVE-2023-27856



In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.

 

Path Traversal
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Rockwell | CNA | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE | ADP | --- | --- | | | |
| CISA-ADP | ADP | --- | --- | | | |
EPSS Score Percentile: 95%
| Vendor | Product | Version |
|---|---|---|
| rockwellautomation | thinmanager | 6.0.0 ≤ x ≤ 10.0.2 |
| rockwellautomation | thinmanager | 11.0.0 ≤ x ≤ 11.0.5 |
| rockwellautomation | thinmanager | 11.1.0 ≤ x ≤ 11.1.5 |
| rockwellautomation | thinmanager | 11.2.0 ≤ x ≤ 11.2.6 |
| rockwellautomation | thinmanager | 12.0.0 ≤ x ≤ 12.0.4 |
| rockwellautomation | thinmanager | 12.1.0 ≤ x ≤ 12.1.5 |
| rockwellautomation | thinmanager | 13.0.0 |
| rockwellautomation | thinmanager | 13.0.1 |

x = Vulnerable software versions