CVE-2023-2915

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Aug 17, 2023
Updated: Aug 23, 2023
CWE ID 400

Summary

CVE-2023-2915 is a newly identified vulnerability affecting the Rockwell Automation Thinmanager Thinserver. This issue stems from an improper input validation mechanism, leaving the software susceptible to a path traversal vulnerability. An unauthenticated attacker can exploit this flaw by sending a crafted synchronization protocol message, potentially triggering a denial-of-service condition or granting them the ability to delete arbitrary files with system privileges. This vulnerability poses a significant risk to the security of industrial networks using the Rockwell Automation Thinmanager Thinserver.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share