Rockwell Automation ThinManager ThinServer Path Traversal File Upload (CVE-2023-2917)

critical Nessus Plugin ID 180191

Synopsis

An OT application is affected by a path traversal vulnerability.

Description

The Rockwell Automation ThinManager ThinServer running on the remote host is affected by a path traversal vulnerability due to the lack of proper validation of user-supplied data. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to upload arbitrary files to any directory on the disk drive where ThinServer is installed.

Solution

Apply mitigations in the vendor advisory.

See Also

http://www.nessus.org/u?a0eb7365

https://www.cisa.gov/news-events/ics-advisories/icsa-23-234-03

Plugin Details

Severity: Critical

ID: 180191

File Name: rockwell_thinmanager_thinserver_cve-2023-2917.nbin

Version: 1.6

Type: remote

Family: SCADA

Published: 8/25/2023

Updated: 7/17/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-2917

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:rockwellautomation:thinmanager

Required KB Items: Services/ra_thinserver_sync

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 6/16/2023

Vulnerability Publication Date: 8/17/2023

Reference Information

CVE: CVE-2023-2917

ICSA: 23-234-03

TRA: TRA-2023-28