CVE-2023-27855 : In affected versions, a path traversal exists when processing a message in Rockw

In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.

Published 2023-03-22 00:15:13

Updated 2023-03-24 20:34:12

Source Rockwell Automation

View at NVD, CVE.org

Vulnerability category: Directory traversalExecute code

Products affected by CVE-2023-27855

Rockwellautomation » Thinmanager
Versions from including (>=) 12.0.0 and up to, including, (<=) 12.0.4
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
Matching versions
Rockwellautomation » Thinmanager
Versions from including (>=) 11.0.0 and up to, including, (<=) 11.0.5
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
Matching versions
Rockwellautomation » Thinmanager
Versions from including (>=) 11.2.0 and up to, including, (<=) 11.2.6
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
Matching versions
Rockwellautomation » Thinmanager
Versions from including (>=) 6.0.0 and up to, including, (<=) 10.0.2
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
Matching versions
Rockwellautomation » Thinmanager
Versions from including (>=) 11.1.0 and up to, including, (<=) 11.1.5
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
Matching versions
Rockwellautomation » Thinmanager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
Matching versions
Rockwellautomation » Thinmanager » Version: 13.0.0
cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*
Matching versions
Rockwellautomation » Thinmanager » Version: 13.0.1
cpe:2.3:a:rockwellautomation:thinmanager:13.0.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-27855

EPSS FAQ

55.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-27855

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	Rockwell Automation
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-27855

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Assigned by:
- nvd@nist.gov (Primary)
- PSIRT@rockwellautomation.com (Secondary)

References for CVE-2023-27855

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640

ThinManager Software Path Traversal and Denial-Of-Service Attack
Permissions Required;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-27855

Products affected by CVE-2023-27855

Exploit prediction scoring system (EPSS) score for CVE-2023-27855

CVSS scores for CVE-2023-27855

CWE ids for CVE-2023-27855

References for CVE-2023-27855