CVE-2022-38742
Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of HTTPS traffic. When parsing a URI, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web service.
Timeline
- 2022-08-24 CVE Reserved
- 2022-09-23 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Rockwellautomation | Thinmanager | >= 11.0.0 <= 13.0.0 | - | Affected