Heap-Based Buffer Overflow in Rockwell Automation ThinManager ThinServer

CVE-2022-38742 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specially crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.