"Rockwell ThinManager Vulnerabilities Could Expose Industrial HMIs to Attacks"

Vulnerabilities discovered by researchers at Tenable in Rockwell Automation's ThinManager ThinServer product could be exploited in attacks aimed at industrial control systems (ICS). The researchers found one critical and two high-severity vulnerabilities in ThinManager ThinServer, a thin client and RDP server management software offered by Rockwell. The flaws are tracked as CVE-2023-2914, CVE-2023-2915, and CVE-2023-2917.

The researchers describe the security holes as improper input validation issues that can lead to integer overflow or path traversal. Remote attackers can exploit the flaws without prior authentication by sending specially crafted synchronization protocol messages. Successful exploitation could allow an adversary to cause a denial-of-service (DoS) condition, delete arbitrary files with system privileges, and upload arbitrary files to any folder on the drive where ThinServer.exe is installed.

Tenable reported the vulnerabilities in May and released technical details on August 17, the same day Rockwell Automation informed customers that patches were available.


SecurityWeek reports: "Rockwell ThinManager Vulnerabilities Could Expose Industrial HMIs to Attacks"
