virus logo Intrusion Prevention

RA.ThinManager.CVE-2023-27855.Directory.Traveral

description-logoDescription

This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Rockwell Automation ThinManager ThinServer.
The vulnerability is due to improper validation of user data in the ThinServer component. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could, in the worst case, result in arbitrary code execution under the security context of SYSTEM.

affected-products-logoAffected Products

Rockwell Automation ThinManager ThinServer 11.0.0 through 11.0.5
Rockwell Automation ThinManager ThinServer 11.1.0 through 11.1.5
Rockwell Automation ThinManager ThinServer 11.2.0 through 11.2.6
Rockwell Automation ThinManager ThinServer 12.0.0 through 12.0.4
Rockwell Automation ThinManager ThinServer 12.1.0 through 12.1.5
Rockwell Automation ThinManager ThinServer 13.0.0 through 13.0.1
Rockwell Automation ThinManager ThinServer 6.x through 10.x

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

ICSA-23-080-06
ID 52894
Created Apr 24, 2023
Updated May 12, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2023-27855
Exploit Prediction Score 0.14%
Default Action drop
Active
Affected OS Windows
Affected App SCADA