In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Rockwell
Published: 2023-03-21T23:48:11.750Z
Updated: 2024-08-02T12:23:29.345Z
Reserved: 2023-03-06T18:21:21.067Z
Link: CVE-2023-27855
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-03-22T00:15:12.670
Modified: 2024-11-21T07:53:35.047
Link: CVE-2023-27855
Redhat
No data.