Description
Rockwell Automation ThinManager ThinServer is affected by an improper input validation vulnerability. Because of the improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specially crafted synchronization protocol message, resulting in a denial-of-service condition.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: High
Affected products
- Rockwell Automation / ThinManager® ThinServer™ 11.0.0 - 11.2.6
- Rockwell Automation / ThinManager® ThinServer™ 11.1.0 - 11.1.6
- Rockwell Automation / ThinManager® ThinServer™ 11.2.0 - 11.2.7
- Rockwell Automation / ThinManager® ThinServer™ 12.0.0 - 12.0.5
- Rockwell Automation / ThinManager® ThinServer™ 12.1.0 - 12.1.6
- Rockwell Automation / ThinManager® ThinServer™ 13.0.0 - 13.0.2
- Rockwell Automation / ThinManager® ThinServer™ 13.1.0