Flaws in Rockwell ThinManager expose industrial HMIs to exploits

September 19, 2023

Researchers discovered multiple vulnerabilities in Rockwell’s thin client and RDP server management software, ThinManager ThinServer. The flaws are CVE-2023-2914, CVE-2023-2915 and CVE-2023-2917; one is a critical vulnerability, and the others are high-severity flaws.

According to reports, the flaws are improper input validation issues that could lead to an integer overflow or path traversal. An attacker could exploit them without prior authentication by sending specially crafted synchronisation protocol messages.

 

The ThinManager flaws could provide hackers with several malicious capabilities.

 

An attacker who exploits the ThinManager vulnerabilities could cause a DoS condition, delete arbitrary files with system privileges, and upload arbitrary archives to any folder on the drive where ThinServer.exe is installed.
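The class of input validation these flaws bypass, shown as an added example that is not Rockwell's code or the ThinManager protocol: a receiver that checks declared lengths without wrap-prone addition and rejects file names that escape the target folder. The message layout, `validate_sync_msg`, `name_is_safe` and `check_sample` are hypothetical names and formats constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical layout, constructed for this example (not ThinManager's format):
 * [0..3] name_len (u32 LE) | [4..7] data_len (u32 LE) | name bytes | data bytes */
#define HDR_LEN  8u
#define MAX_NAME 255u

static uint32_t rd32le(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Relative names only: rejects leading/empty components, ':', NUL and "..". */
static int name_is_safe(const uint8_t *s, size_t n) {
    size_t start = 0;
    if (n == 0 || n > MAX_NAME) return 0;
    for (size_t i = 0; i <= n; i++) {
        uint8_t c = (i < n) ? s[i] : '/';          /* virtual final separator */
        if (c == '\0' || c == ':') return 0;       /* embedded NUL or drive letter */
        if (c != '/' && c != '\\') continue;       /* both separators are checked */
        if (i == start) return 0;                  /* leading, doubled or trailing */
        if (i - start == 2 && s[start] == '.' && s[start + 1] == '.') return 0;
        start = i + 1;
    }
    return 1;
}

/* Returns 0 for a well-formed message, a negative code for each rejected case. */
int validate_sync_msg(const uint8_t *buf, size_t len) {
    if (len < HDR_LEN) return -1;
    uint32_t name_len = rd32le(buf), data_len = rd32le(buf + 4);
    size_t remaining = len - HDR_LEN;
    /* Subtract rather than add: name_len + data_len can wrap in 32 bits. */
    if (name_len > remaining) return -2;
    if (data_len != remaining - name_len) return -3;
    return name_is_safe(buf + HDR_LEN, name_len) ? 0 : -4;
}

/* Builds a constructed sample message carrying 4 data bytes and validates it. */
int check_sample(const char *name, uint32_t name_len_field, uint32_t data_len_field) {
    uint8_t msg[HDR_LEN + 64 + 4] = {0};
    size_t n = strlen(name);                       /* sample names are < 64 bytes */
    for (int i = 0; i < 4; i++) {
        msg[i] = (uint8_t)(name_len_field >> (8 * i));
        msg[4 + i] = (uint8_t)(data_len_field >> (8 * i));
    }
    memcpy(msg + HDR_LEN, name, n);
    return validate_sync_msg(msg, HDR_LEN + n + 4);
}

int main(void) { return check_sample("cfg/term1.bin", 13, 4) ? 1 : 0; }
```

In the third test case below, the declared lengths 0xFFFFFFFF and 10 sum to 9 in 32-bit arithmetic, which equals the bytes actually present, so a check written as an addition would accept the message.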

The researchers have already reported the vulnerabilities to the vendor. They have developed proof-of-concept exploits but have not yet made them publicly available.

The vendor stated that the only requirement for exploitation is access to the network that hosts the vulnerable server. However, researchers also said that exploitation is possible from the internet if the server is directly connected and exposed to the web.

Furthermore, successful exploitation could give an attacker complete control of the ThinServer. The practical impact will depend on the environment the server is placed in, the server configuration, and the types of content the server is intended to access.

The company explained that the product is primarily used for human-machine interfaces that control and monitor industrial equipment and tools.

The vulnerabilities could have significant implications for various industries since they could give an attacker access to the HMIs. A successful intrusion could enable an attacker to pivot from controlling HMIs to attacking other assets on the network.

Vulnerabilities in Rockwell Automation products are targets for threat actors. In one instance, an unnamed APT targeted two of the company’s ControlLogix vulnerabilities. Exploiting those flaws could cause disruption or damage in critical infrastructure organisations.

Rockwell described the flaw as a new exploit capability. Fortunately, researchers have not found evidence of exploitation in the wild.

Experts advise organisations to be mindful of these vulnerabilities until the company rolls out the updates that would fix the bugs.
