CVE-2023-27855
Summary
| CVE | CVE-2023-27855 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-22 00:15:00 UTC |
| Updated | 2023-11-07 04:10:00 UTC |
| Description | In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rockwellautomation | Thinmanager | 13.0.0 | All | All | All |
| Application | Rockwellautomation | Thinmanager | 13.0.1 | All | All | All |
| Application | Rockwellautomation | Thinmanager | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Internet Archive: Scheduled Maintenance | MISC | rockwellautomation.custhelp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.