CVE-2023-2913

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Jul 18, 2023

Updated: Jul 27, 2023

CWE ID 20

Summary

CVE-2023-2913 is a path traversal vulnerability affecting the HTTPS Server Settings in Rockwell Automation ThinManager ThinServer. When the API feature is enabled, an attacker can manipulate variables in the file path to read arbitrary files on the server's file system, potentially gaining privileged access. The vulnerability exists due to insufficient input validation, and it is important to note that the API is disabled by default. Organizations using this software are advised to disable the API feature or apply the necessary patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t3b9bH
https://www.cve.org/CVERecord?id=CVE-2023-2913
https://nvd.nist.gov/vuln/detail/CVE-2023-2913

Back to Vulnerability Database

CVE-2023-2913

CVSS 3.1 Score 8.6 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations