Loading

PN1618 | ThinManager Software Path Traversal and Denial-Of-Service Attack

Severity:
Critical,
High
Advisory ID:
PN1618
Veröffentlichungsdatum:
March 21, 2023
Zuletzt aktualisiert:
September 08, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
Nein
Corrected:
Nein
Workaround:
Nein
CVE IDs
CVE-2023-27855,
CVE-2023-27857,
CVE-2023-27856,
CVE-2023-28757
Zusammenfassung
ThinManager Software Path Traversal and Denial-Of-Service Attack

 

 
Revision Number
1.1
Revision History
Version 1.0 – March 21, 2023 – Initial Version
Version 1.1 - September 8, 2025 - Updated for better readability

Executive Summary

A security issue was discovered by Tenable Security Researchers and reported to Rockwell Automation. This  was discovered in the ThinManager® ThinServer™ software. Successful use of this security issue could allow a threat actor to perform remote code execution on the target or crash the software.

Affected Products

ThinManager ThinServer software Versions
6.x – 10.x
11.0.0 – 11.0.5
11.1.0 – 11.1.5
11.2.0 – 11.2.6
12.0.0 – 12.0.4
12.1.0 – 12.1.5
13.0.0-13.0.1

Security Issue Details

CVE 2023-27855 ThinManager ThinServer Path Traversal Upload

CVSS Base Score: 9.8 /10 (Critical)
CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


A path traversal exists when processing a message. An unauthenticated remote attacker could use this security issue to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker can overwrite existing executable files with attacker-controlled, malicious content. This could cause a remote code execution.

CVE 2023-27856 ThinManager ThinServer Path Traversal Download

CVSS Base Score: 7.5 /10 (High)
CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N


A path traversal exists when processing a message of type 8 in the affected versions. An unauthenticated remote attacker can use this security issue to download arbitrary files on the disk drive where ThinServer.exe is installed.

CVE 2023-27857 ThinManager ThinServer Heap-Based Buffer Overflow

CVSS Base Score: 7.5/10 (High)
CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


A heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field. An unauthenticated remote attacker can use this security issue to crash ThinServer.exe due to a read access violation.

Risk Mitigation & User Action

Customers should use the risk mitigations provided and combine these mitigations with the general security guidelines to use the strategies simultaneously.
CVE-2023-27855
CVE-2023-27856
CVE-2023-27857
First Known Affected Fixed Versions
6.x – 10.x These versions are retired. Please update to the supported version.
11.0.0 – 11.0.5 Update to v11.0.6
11.1.0 – 11.1.5 Update to v11.1.6
11.2.0 – 11.2.6 Update to v11.2.7
12.0.0 – 12.0.4 Update to v12.0.5
12.1.0 – 12.1.5 Update to v12.1.6
13.0.0 – 13.0.1 Update to v13.0.2

Additional Mitigations

If customers are unable to update to the patched version, the following mitigations should be put in place:
  • Limiting remote access to TCP port 2031 to known thin clients and ThinManager servers would limit some access to exploit this vulnerability.

For additional security best practices, please see our Knowledgebase article, QA43240 - Recommended Security Guidelines from Rockwell Automation, to maintain your environment.

References

  • QA41731 - ThinManager Upgrade Instructions
  • CVE-2023-27855
  • CVE-2023-27856
  • CVE-2023-28757

Glossary

Heap-Based Buffer Over-Read Condition: a type of buffer overflow flaw where the execution occurs in the heap data area. An over-read condition occurs when a program, while reading data from a buffer, overruns the buffer’s boundary and reads adjacent memory

Path Traversal: allows attackers to access files and directories that are stored outside the intended directory

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation Startseite
  2. Chevron LeftChevron Left Trust Center
  3. Chevron LeftChevron Left Industrial Security Adv
  4. Chevron LeftChevron Left Industrial Security Advisory Detail
Bitte aktualisieren Sie Ihre Cookie-Einstellungen, um fortzufahren.
Für diese Funktion sind Cookies erforderlich, um Ihr Erlebnis zu verbessern. Bitte aktualisieren Sie Ihre Einstellungen, um diese Cookies zuzulassen:
  • Social-Media-Cookies
  • Funktionale Cookies
  • Leistungscookies
  • Marketing-Cookies
  • Alle Cookies
Sie können Ihre Einstellungen jederzeit aktualisieren. Weitere Informationen finden Sie in unserem {0} Datenschutzrichtlinie
CloseClose