CVE-2023-2917 Information

Description

Rockwell Automation ThinManager ThinServer is affected by an improper input validation vulnerability. Because the filename field is not properly validated when ThinManager processes a certain function, a path traversal vulnerability exists. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution.

Reference

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471
