Headline
CVE-2022-38742: ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack
Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.
Skip Navigation
menu
- Support Center
- Get Support Chat & Submit a Question Phone Support Holiday Schedule
- Training & Webinars
- Online Forum
- Customer Care Customer Care Overview Phone Support Holiday Schedule
Sign In
Quickly log in or create an account using an existing service
Yahoo
What will happen: When you click on this button you will be taken to Yahoo. Once you log in, Yahoo will verify you and send you back here where you’ll be logged in!
Log In or Create an AccountOpens new dialog
Please log in to continue, Username Password
Email Address *
Username *
Password
Re-enter a value for the field ‘Password’
Must match Password
First Name *
Last Name *
Forgot your username or password?
The page will refresh upon submission. Any pending input will be lost.
03-Feb-2022 - Important product notice regarding Microsoft vulnerability patch (MS KB5004442)
Current product hierarchy
- HMI / Communication
- Performance and Visualization (HMI)
- ThinManager
ID: PN1604 | Access Levels: Everyone
Search
Did you mean:
Published DatePublished Date 09/22/2022
Executive Summary
A vulnerability was discovered by rgod working with Trend Micro’s Zero Day Initiative and reported to Rockwell Automation. The vulnerability was discovered in the ThinManager® ThinServer™ s…
Login Required to View Full Answer Content
Please use the ‘Sign In’ button above
Related news
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS) advisories on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation. This includes 13 security vulnerabilities in Delta Electronics' InfraSuite Device Master, a real-time device monitoring software. All versions prior to 1.0.5 are
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.