ICSA-23-206-02  ·  Published 2023-07-25

Rockwell Automation ThinManager ThinServer

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow a remote actor to leverage the privileges of the server's file system and read arbitrary files stored in it.

CVEs (1)

Remediations

Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible, and to implement its suggested security best practices to minimize the potential risk of the vulnerability:

  • Update to the corrected software versions: 13.0.3 and 13.1.1 or later.
  • Disable the API feature and use a service account with appropriate access for the application.
  • For more information, users should see Rockwell Automation's security advisory (login required).

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · ThinManager ThinServer: versions 13.0.0 through 13.0.2, and version 13.1.0

Affected Sectors

Critical Manufacturing
