PN1618 | ThinManager Software Path Traversal and Denial-Of-Service Attack

Severity:
Critical,
High
Advisory ID:
PN1618
Published Date:
March 21, 2023
Last Updated:
September 08, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
CVE IDs
CVE-2023-27855,
CVE-2023-27857,
CVE-2023-27856,
CVE-2023-28757
Summary
ThinManager Software Path Traversal and Denial-Of-Service Attack
Revision Number
1.1
Revision History
Version 1.0 – March 21, 2023 – Initial Version
Version 1.1 – September 8, 2025 – Updated for better readability

Executive Summary

A security issue was discovered by Tenable Security Researchers and reported to Rockwell Automation. The issue was found in the ThinManager® ThinServer™ software. Successful exploitation could allow a threat actor to perform remote code execution on the target or to crash the software.

Affected Products

ThinManager ThinServer software, versions:
6.x – 10.x
11.0.0 – 11.0.5
11.1.0 – 11.1.5
11.2.0 – 11.2.6
12.0.0 – 12.0.4
12.1.0 – 12.1.5
13.0.0 – 13.0.1

Security Issue Details

CVE-2023-27855 ThinManager ThinServer Path Traversal Upload

CVSS Base Score: 9.8/10 (Critical)
CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A path traversal exists when processing a message. An unauthenticated remote attacker could use this security issue to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed, including overwriting existing executable files with attacker-controlled, malicious content. This could result in remote code execution.

CVE-2023-27856 ThinManager ThinServer Path Traversal Download

CVSS Base Score: 7.5/10 (High)
CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

A path traversal exists when processing a message of type 8 in the affected versions. An unauthenticated remote attacker can use this security issue to download arbitrary files from the disk drive where ThinServer.exe is installed.

CVE-2023-27857 ThinManager ThinServer Heap-Based Buffer Overflow

CVSS Base Score: 7.5/10 (High)
CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

A heap-based buffer over-read occurs when a message field indicates more data than is actually present in the message. An unauthenticated remote attacker can use this security issue to crash ThinServer.exe through a read access violation.
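As an added illustration of the two message-handling defect classes described above (this is not ThinServer's code or its wire protocol), the following Python models a length-prefixed file-transfer message and shows the two checks that close both holes: a length field bounded by the bytes actually received, and a client-supplied file name confined to the install directory. The message layout, the install path and the function names are assumptions.

```python
import os
import struct

# Constructed model, not the ThinServer wire protocol: a file-transfer message
# is [u16 type][u32 payload_len][payload]; for a download request (type 8, the
# type the advisory names) the payload is a client-supplied file name.
INSTALL_DIR = "/opt/thinserver"   # assumed install directory
DOWNLOAD_TYPE = 8
HEADER = struct.Struct("<HI")


def build_message(msg_type: int, payload: bytes, declared_len: int = -1) -> bytes:
    """Encode a message; declared_len lets a test claim more bytes than are sent."""
    length = len(payload) if declared_len < 0 else declared_len
    return HEADER.pack(msg_type, length) + payload


def parse_message(buf: bytes) -> tuple:
    """Return (type, payload). Rejects a length field larger than the data that
    actually arrived, which is the over-read condition the advisory describes."""
    if len(buf) < HEADER.size:
        raise ValueError("message shorter than header")
    msg_type, payload_len = HEADER.unpack_from(buf)
    available = len(buf) - HEADER.size
    if payload_len > available:
        raise ValueError(f"declared {payload_len} bytes, only {available} present")
    return msg_type, buf[HEADER.size:HEADER.size + payload_len]


def resolve_under(base_dir: str, requested: str) -> str:
    """Resolve a client-supplied name and refuse anything outside base_dir.
    Normalise first, then require the real base plus a separator as prefix, so
    '..' segments, absolute paths and siblings like base_dir + '2' all fail."""
    base = os.path.realpath(base_dir)
    # Treat backslashes as separators too, since the real target is Windows.
    target = os.path.realpath(os.path.join(base, requested.replace("\\", "/")))
    if not target.startswith(base + os.sep):
        raise PermissionError(f"path escapes {base}: {requested!r}")
    return target


def handle_download(buf: bytes) -> tuple:
    """Return (accepted, resolved_path_or_reason) for one download request."""
    try:
        msg_type, payload = parse_message(buf)
        if msg_type != DOWNLOAD_TYPE:
            return False, f"unexpected message type {msg_type}"
        return True, resolve_under(INSTALL_DIR, payload.decode("utf-8"))
    except (ValueError, PermissionError, UnicodeDecodeError) as exc:
        return False, str(exc)
```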

Risk Mitigation & User Action

Customers should apply the risk mitigations provided below and combine them with the general security guidelines so that the strategies are used together.

Applies to: CVE-2023-27855, CVE-2023-27856, CVE-2023-27857

First Known Affected    Fixed Versions
6.x – 10.x              These versions are retired. Please update to a supported version.
11.0.0 – 11.0.5         Update to v11.0.6
11.1.0 – 11.1.5         Update to v11.1.6
11.2.0 – 11.2.6         Update to v11.2.7
12.0.0 – 12.0.4         Update to v12.0.5
12.1.0 – 12.1.5         Update to v12.1.6
13.0.0 – 13.0.1         Update to v13.0.2

Additional Mitigations

If customers are unable to update to the patched version, the following mitigations should be put in place:
  • Limiting remote access to TCP port 2031 to known thin clients and ThinManager servers reduces the exposure available for exploiting this vulnerability.

For additional security best practices, please see our Knowledgebase article, QA43240 - Recommended Security Guidelines from Rockwell Automation, to maintain your environment.

References

  • QA41731 - ThinManager Upgrade Instructions
  • CVE-2023-27855
  • CVE-2023-27856
  • CVE-2023-28757

Glossary

Heap-Based Buffer Over-Read Condition: a buffer overflow flaw in which the affected buffer is located in the heap data area. An over-read occurs when a program, while reading data from a buffer, overruns the buffer's boundary and reads adjacent memory.

Path Traversal: a flaw that allows attackers to access files and directories stored outside the intended directory.
Copyright ©2022 Rockwell Automation, Inc.