CVE-2023-2917
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Aug 17, 2023
Updated: Aug 23, 2023
CWE ID 476
Summary
CVE-2023-2917 is a vulnerability affecting the Rockwell Automation Thinmanager Thinserver. This issue involves improper input validation, leading to a path traversal vulnerability. Maliciously crafted filenames can be used to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted synchronization protocol message, potentially gaining remote code execution abilities.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share