Severity:
Critical,
High
Advisory ID:
PN1638
發佈日期:
August 17, 2023
最近更新:
August 17, 2023
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
否
Corrected:
否
Workaround:
否
CVE IDs
CVE-2023-2917,
CVE-2023-2914,
CVE-2023-2915
摘要
ThinManager® ThinServer™ Input Validation Vulnerabilities
Revision History
Revision Number
1.0
Revision History
Version 1.0 – August 17, 2023
Affected Products
Affected Product | Vulnerability | First Known in Software Versions | Corrected in Software Versions |
ThinManager® ThinServer™ |
|
|
Vulnerability Details
Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities. This vulnerability was discovered and reported to Rockwell Automation by security researchers at Tenable Network Security.
CVE-2023-2914 IMPACT
Due to improper input validation, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message.
CVE-2023-2915 IMPACT
Due to improper input validation, a path traversal vulnerability exists when the ThinManager processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message.
CVE-2023-2917 IMPACT
Due to improper input validation, a path traversal vulnerability exists, via the file name field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message.
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
CVE-2023-2914 IMPACT
Due to improper input validation, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message.
CVSS Base Score: 7.5/10
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: 20 Improper Input Validation
CVE-2023-2915 IMPACT
Due to improper input validation, a path traversal vulnerability exists when the ThinManager processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message.
CVSS Base Score: 7.5/10
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: 20 Improper Input Validation
CVE-2023-2917 IMPACT
Due to improper input validation, a path traversal vulnerability exists, via the file name field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message.
CVSS Base Score: 9.8/10
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: 20 Improper Input Validation
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
Risk Mitigation & User Action
Customers using the affected software are encouraged to apply mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.
- Update to the corrected software versions.
- Limit remote access for TCP Port 2031 to known thin clients and ThinManager servers.
- QA43240 - Recommended Security Guidelines from Rockwell Automation
Additional Resources
Copyright ©2022 Rockwell Automation, Inc.