CVE-2023-2917 – Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2917
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-2915 – Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2915
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-2914 – Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerabilitiy
https://notcve.org/view.php?id=CVE-2023-2914
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •