Advisory

Rockwell ThinManager Critical Vulnerabilities expose Industrial Interfaces

Take action: Rockwell Automation's ThinManager ThinServer is a remote access tool, so it is quite likely reachable from the internet. If yours is, patch it quickly before a PoC exploit leaks. If patching is not possible, isolate the ThinServer in a closed-off network that is not visible from the internet.


Learn More

Researchers have uncovered critical vulnerabilities in Rockwell Automation's ThinManager ThinServer product, exposing Human Machine Interface (HMI) and industrial control system (ICS) environments to significant risk. The vulnerabilities are tracked as:

  • CVE-2023-2914 (CVSS3 score 7.5) - improper input validation vulnerability that allows a read access violation to occur and terminate a process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message, causing a denial-of-service condition.
  • CVE-2023-2915 (CVSS3 score 9.1) - improper input validation vulnerability exposing a path traversal vulnerability when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges, causing a denial-of-service condition.
  • CVE-2023-2917 (CVSS3 score 9.8) - improper input validation vulnerability exposing a path traversal vulnerability, via the filename field, when ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed and potentially gain remote code execution.
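The two path traversal issues above (CVE-2023-2915 and CVE-2023-2917) belong to a class that is mitigated by confining a client-supplied filename to one server directory. The check below is an added illustration of that mitigation, not ThinManager's code; the base directory path and the handler names are assumptions.

```python
import os

class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename would escape the allowed directory."""

def safe_join(base_dir: str, client_filename: str) -> str:
    """Resolve a client-supplied filename strictly inside base_dir.

    Illustrates the defence for the traversal class in CVE-2023-2915/2917
    (arbitrary file delete / upload via a filename field); hypothetical handler,
    not vendor code. Rejects absolute paths, drive letters and any '..'
    component, then re-checks the resolved path against the base directory.
    """
    if not client_filename or "\x00" in client_filename:
        raise UnsafeFilename("empty or NUL-containing filename")
    # Windows servers accept both separators, so treat backslash as '/' too.
    normalised = client_filename.replace("\\", "/")
    if normalised.startswith("/") or ":" in normalised:
        raise UnsafeFilename(f"absolute path or drive letter rejected: {client_filename!r}")
    parts = [p for p in normalised.split("/") if p not in ("", ".")]
    if not parts or any(p == ".." for p in parts):
        raise UnsafeFilename(f"traversal component rejected: {client_filename!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, *parts))
    # Belt and braces: after symlink/normalisation the path must still sit under base.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeFilename(f"resolved outside base directory: {client_filename!r}")
    return candidate

def is_safe_filename(base_dir: str, client_filename: str) -> bool:
    """Boolean form of safe_join for callers that only need accept/reject."""
    try:
        safe_join(base_dir, client_filename)
        return True
    except UnsafeFilename:
        return False

if __name__ == "__main__":
    # Constructed inputs: an assumed upload directory and a few client filenames.
    base = "/srv/thinserver-example/uploads"
    for name in ["report.txt", "sub/report.txt", "../../Windows/win.ini",
                 "..\\..\\boot.ini", "C:/Windows/win.ini"]:
        verdict = "accept" if is_safe_filename(base, name) else "reject"
        print(f"{verdict:6} {name!r}")
```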

The vulnerabilities were reported to Rockwell Automation by Tenable in May. Rockwell responded promptly by releasing patches to address them; however, Rockwell's announcement is only available to paying customers.

Tenable has refrained from publicly disclosing its proof-of-concept (PoC) exploits for security reasons.
