CVE-2022-38742

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847	Permissions Required Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*

History

26 Sep 2022, 22:20

Type	Values Removed	Values Added
CPE		cpe:2.3:a:rockwellautomation:thinmanager::::::::
First Time		Rockwellautomation thinmanager Rockwellautomation
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CWE		CWE-787
References	~~(MISC) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847 -~~	(MISC) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847 - Permissions Required, Vendor Advisory

23 Sep 2022, 16:31

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-23 16:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-38742

Mitre link : CVE-2022-38742

CVE.ORG link : CVE-2022-38742

JSON object : View

Products Affected

rockwellautomation

thinmanager

CWE

CWE-787

Out-of-bounds Write

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2022-38742", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2022-09-23T16:15:11.570", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847", "tags": ["Permissions Required", "Vendor Advisory"], "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution."}, {"lang": "es", "value": "Rockwell Automation ThinManager ThinServer versiones 11.0.0 - 13.0.0, son vulnerables a un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria. Un atacante podr\u00eda enviar una petici\u00f3n TFTP o HTTPS espec\u00edficamente dise\u00f1ada, causando un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria que bloquea el proceso de ThinServer. Si es explotado con \u00e9xito, esto podr\u00eda exponer al servidor a una ejecuci\u00f3n de c\u00f3digo remota arbitrario."}], "lastModified": "2022-09-26T22:20:15.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5244D82A-CE1D-4C9A-9364-7855C15E22BD", "versionEndIncluding": "13.0.0", "versionStartIncluding": "11.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT@rockwellautomation.com"}