Rockwell Automation ThinManager ThinServer Path Traversal File Upload (CVE-2023-2917)

critical Nessus Plugin ID 180191


An OT application is affected by a path traversal vulnerability.


The Rockwell Automation ThinManager ThinServer running on the remote host is affected by a path traversal vulnerability due to the lack of proper validation of user-supplied data. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to upload arbitrary files to any directory on the disk drive where ThinServer is installed.


Apply mitigations in the vendor advisory.

See Also

Plugin Details

Severity: Critical

ID: 180191

File Name: rockwell_thinmanager_thinserver_cve-2023-2917.nbin

Version: 1.3

Type: remote

Family: SCADA

Published: 8/25/2023

Updated: 2/21/2024

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-2917


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:rockwellautomation:thinmanager

Required KB Items: Services/ra_thinserver_sync

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 6/16/2023

Vulnerability Publication Date: 8/17/2023

Reference Information

CVE: CVE-2023-2917

ICSA: 23-234-03

TRA: TRA-2023-28