Researchers discovered vulnerabilities in Rockwell Automation’s ThinManager ThinServer product that could be exploited in attacks against industrial control systems (ICS).
Rockwell’s ThinManager ThinServer, a thin client and RDP server management program, contains one critical and two high-severity vulnerabilities, according to researchers at cybersecurity firm Tenable. The flaws are tracked as CVE-2023-2914, CVE-2023-2915, and CVE-2023-2917.
The security flaws are improper input validation issues that can result in integer overflow or path traversal. Remote attackers without prior authentication can exploit them by sending specially crafted synchronization protocol messages.