CVE-2023-27856
Published: 22 March 2023
Summary
CVE-2023-27856 is a high-severity path traversal (CWE-22) vulnerability in Rockwell Automation ThinManager. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 2.2% of CVEs by EPSS exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
In Rockwell Automation's ThinManager ThinServer, a path traversal vulnerability exists when processing a message of type 8. The flaw resides in the ThinServer.exe component and is tracked as CWE-22. Its CVSS 3.1 base score of 7.5 reflects an attack that is reachable over the network and requires neither authentication nor user interaction.
An unauthenticated remote attacker can send a crafted message of type 8 to retrieve arbitrary files from the disk drive on which ThinServer.exe is installed. Because the requested path is not confined to ThinServer's own directory, any file on that volume that the ThinServer process is permitted to read is exposed, which is why the confidentiality impact is rated high while integrity and availability are unaffected.
The vendor advisory at https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640 provides official guidance on the issue. The associated EPSS score peaked at 0.5473 and currently stands at 0.4820.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-31591
Vulnerability details
In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.
- CWE(s): CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Canonicalize the requested pathname and verify that it still resolves inside the intended directory before opening it; reject absolute, drive-qualified and ".."-containing requests outright rather than trying to strip the offending segments.
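The following added example (illustrative code written for this page, not ThinServer code) shows the two behaviours discussed above: the unchecked path join behind a "fetch arbitrary file" message handler as described under Deeper analysis, and the canonicalize-then-check control listed here. The wire layout used (a 1-byte message type, a 2-byte big-endian length and a UTF-8 path) is an assumed toy format and is not the ThinManager protocol; the use of type 8 merely mirrors the advisory wording. The directory tree and file contents are constructed inline so the example runs offline.

```python
"""Toy 'fetch file' handler: a CWE-22 resolver beside a hardened one.

Illustrative code only. The message layout (type, length, path) and the
message type constant are assumptions made for this example, not the real
ThinManager/ThinServer protocol.
"""
import os
import struct
import tempfile

MSG_TYPE_FETCH_FILE = 8  # assumed constant, mirrors the "type 8" in the advisory


def encode_message(msg_type: int, path: str) -> bytes:
    """Build a toy message: type (1 byte), length (2 bytes BE), UTF-8 path."""
    body = path.encode("utf-8")
    return struct.pack(">BH", msg_type, len(body)) + body


def decode_message(raw: bytes):
    """Parse the toy message; reject truncated payloads."""
    if len(raw) < 3:
        raise ValueError("message too short")
    msg_type, length = struct.unpack(">BH", raw[:3])
    body = raw[3:3 + length]
    if len(body) != length:
        raise ValueError("truncated message")
    return msg_type, body.decode("utf-8")


def resolve_vulnerable(base_dir: str, requested: str) -> str:
    """The flawed pattern: join client input onto the served directory and
    trust the result. '..' segments (and absolute paths) escape base_dir."""
    return os.path.join(base_dir, requested)


def resolve_hardened(base_dir: str, requested: str) -> str:
    """Canonicalize, then prove the result is still inside base_dir."""
    base = os.path.realpath(base_dir)
    if "\x00" in requested:
        raise PermissionError("NUL byte in path")
    # The real service runs on Windows, so treat backslash as a separator
    # on every platform instead of relying on the host's notion of one.
    normalized = requested.replace("\\", "/")
    if normalized.startswith("/") or os.path.isabs(normalized) or ":" in normalized:
        raise PermissionError("absolute or drive-qualified path rejected")
    candidate = os.path.realpath(os.path.join(base, normalized))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # paths on different drives (Windows)
        inside = False
    if not inside:
        raise PermissionError("path escapes served directory")
    return candidate


def handle_fetch(base_dir: str, raw: bytes, resolver):
    """Decode one message and serve the file it names via `resolver`.
    Returns ('ok', data), ('denied', None), ('not_found', None) or
    ('unsupported', None)."""
    msg_type, requested = decode_message(raw)
    if msg_type != MSG_TYPE_FETCH_FILE:
        return ("unsupported", None)
    try:
        path = resolver(base_dir, requested)
    except PermissionError:
        return ("denied", None)
    try:
        with open(path, "rb") as fh:
            return ("ok", fh.read())
    except OSError:
        return ("not_found", None)


def demo() -> dict:
    """Build a throwaway tree (constructed fixture) and exercise both resolvers."""
    root = tempfile.mkdtemp()
    served = os.path.join(root, "served")
    os.mkdir(served)
    with open(os.path.join(served, "banner.txt"), "w") as fh:
        fh.write("public\n")          # the only file that should be reachable
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("private\n")         # sits one level above the served dir

    benign = encode_message(MSG_TYPE_FETCH_FILE, "banner.txt")
    crafted_fwd = encode_message(MSG_TYPE_FETCH_FILE, "../secret.txt")
    crafted_back = encode_message(MSG_TYPE_FETCH_FILE, "..\\secret.txt")

    return {
        "vuln_benign": handle_fetch(served, benign, resolve_vulnerable),
        "vuln_crafted": handle_fetch(served, crafted_fwd, resolve_vulnerable),
        "hard_benign": handle_fetch(served, benign, resolve_hardened),
        "hard_crafted_fwd": handle_fetch(served, crafted_fwd, resolve_hardened),
        "hard_crafted_back": handle_fetch(served, crafted_back, resolve_hardened),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:18s} -> {outcome}")
```

The check in `resolve_hardened` deliberately compares canonical paths with `commonpath` instead of a string prefix test, so a served directory named `C:\ThinManager` cannot be escaped into `C:\ThinManager2`, and `realpath` is applied to both sides so a symlink or junction inside the served tree is resolved before the containment decision is made.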