Rewterz Threat Advisory – ICS: Multiple Rockwell Automation ThinManager Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-27857 CVSS:7.5

Rockwell Automation ThinManager is vulnerable to a denial of service, caused by a heap-based buffer over-read. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-27856 CVSS:7.5

Rockwell Automation ThinManager could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted type 8 message containing “dot dot” sequences (/../) to download arbitrary files from the system.

CVE-2023-27855 CVSS:9.8

Rockwell Automation ThinManager could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted message containing “dot dot” sequences (/../) to overwrite executable files and either invoke them remotely or wait for the system or user to call them to execute arbitrary code on the system.

Impact

• Denial of Service
• Information Disclosure

Indicators Of Compromise

CVE

• CVE-2022-48311

Affected Vendors

Rockwell Automation

Affected Products

• Rockwell Automation ThinManager 10
• Rockwell Automation ThinManager 11.0.0
• Rockwell Automation ThinManager 11.0.5
• Rockwell Automation ThinManager 11.1.0
• Rockwell Automation ThinManager 11.1.5
• Rockwell Automation ThinManager 11.2.0
• Rockwell Automation ThinManager 11.2.6
• Rockwell Automation ThinManager 12.0.0
• Rockwell Automation ThinManager 12.0.4
• Rockwell Automation ThinManager 12.1.0
• Rockwell Automation ThinManager 12.1.5
• Rockwell Automation ThinManager 13.0.0
• Rockwell Automation ThinManager 13.0.1
• Rockwell Automation ThinManager 6

Remediation

Upgrade to the latest version of ThinManager, available from the Rockwell Automation Web site.

Rockwell Automation Website