Details of VAR-202209-1831

ID

VAR-202209-1831

CVE

CVE-2022-38742

TITLE

Rockwell Automation Made ThinManager ThinServer Heap-based buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002435

DESCRIPTION

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution. Rockwell Automation Provided by the company ThinManager ThinServer is a thin client and RDP (( Remote Desktop Protocol ) server management software. ThinManager ThinServer The following vulnerabilities exist in. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of HTTPS traffic. When parsing a URI, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web service

Trust: 2.34

sources: NVD: CVE-2022-38742 // JVNDB: JVNDB-2022-002435 // ZDI: ZDI-22-1302 // VULHUB: VHN-434516

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	thinmanager	scope:	lte	version:	13.0.0	Trust: 1.0
vendor:	rockwellautomation	model:	thinmanager	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	rockwell automation	model:	thinmanager thinserver	scope:	eq	version:	13.0.0	Trust: 0.8
vendor:	rockwell automation	model:	thinmanager thinserver	scope:	eq	version:	11.2.0 to 11.2.5 to	Trust: 0.8
vendor:	rockwell automation	model:	thinmanager thinserver	scope:	eq	version:	12.0.0 to 12.0.2 to	Trust: 0.8
vendor:	rockwell automation	model:	thinmanager thinserver	scope:	eq	version:	11.1.0 to 11.1.4 to	Trust: 0.8
vendor:	rockwell automation	model:	thinmanager thinserver	scope:	eq	version:	12.1.0 to 12.1.3 to	Trust: 0.8
vendor:	rockwell automation	model:	thinmanager thinserver	scope:	eq	version:	11.0.0 to 11.0.4 to	Trust: 0.8
vendor:	rockwell automation	model:	thinmanager thinserver	scope:	eq	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	thinmanager	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-22-1302 // JVNDB: JVNDB-2022-002435 // NVD: CVE-2022-38742

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-38742
value:	CRITICAL
Trust: 1.0
PSIRT@rockwellautomation.com:	CVE-2022-38742
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-38742
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2022-38742
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-202209-2416
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2022-38742
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
PSIRT@rockwellautomation.com:	CVE-2022-38742
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-38742
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2022-38742
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-22-1302 // JVNDB: JVNDB-2022-002435 // CNNVD: CNNVD-202209-2416 // NVD: CVE-2022-38742 // NVD: CVE-2022-38742

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-122	Trust: 1.0
problemtype:	Heap-based buffer overflow (CWE-122) [ others ]	Trust: 0.8

sources: VULHUB: VHN-434516 // JVNDB: JVNDB-2022-002435 // NVD: CVE-2022-38742

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-2416

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202209-2416

PATCH

title:	File Parsing XML Entity in Multiple Products (Login required) Rockwell Automation	url:	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1134596	Trust: 0.8
title:	Rockwell Automation has issued an update to correct this vulnerability.	url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-270-03	Trust: 0.7
title:	Rockwell Automation ThinManager Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=209163	Trust: 0.6

sources: ZDI: ZDI-22-1302 // JVNDB: JVNDB-2022-002435 // CNNVD: CNNVD-202209-2416

EXTERNAL IDS

db:	NVD	id:	CVE-2022-38742	Trust: 4.0
db:	ICS CERT	id:	ICSA-22-270-03	Trust: 1.4
db:	JVN	id:	JVNVU93951878	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-002435	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-17482	Trust: 0.7
db:	ZDI	id:	ZDI-22-1302	Trust: 0.7
db:	CNNVD	id:	CNNVD-202209-2416	Trust: 0.6
db:	VULHUB	id:	VHN-434516	Trust: 0.1

sources: ZDI: ZDI-22-1302 // VULHUB: VHN-434516 // JVNDB: JVNDB-2022-002435 // CNNVD: CNNVD-202209-2416 // NVD: CVE-2022-38742

REFERENCES

url:	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847	Trust: 1.7
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-270-03	Trust: 1.5
url:	http://jvn.jp/vu/jvnvu93951878/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-38742	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-270-03	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-38742/	Trust: 0.6

sources: ZDI: ZDI-22-1302 // VULHUB: VHN-434516 // JVNDB: JVNDB-2022-002435 // CNNVD: CNNVD-202209-2416 // NVD: CVE-2022-38742

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-22-1302

SOURCES

db:	ZDI	id:	ZDI-22-1302
db:	VULHUB	id:	VHN-434516
db:	JVNDB	id:	JVNDB-2022-002435
db:	CNNVD	id:	CNNVD-202209-2416
db:	NVD	id:	CVE-2022-38742

LAST UPDATE DATE

2024-08-14T15:11:15.503000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-22-1302	date:	2022-09-28T00:00:00
db:	VULHUB	id:	VHN-434516	date:	2022-09-26T00:00:00
db:	JVNDB	id:	JVNDB-2022-002435	date:	2024-06-13T02:16:00
db:	CNNVD	id:	CNNVD-202209-2416	date:	2022-09-28T00:00:00
db:	NVD	id:	CVE-2022-38742	date:	2022-09-26T22:20:15.477

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-22-1302	date:	2022-09-28T00:00:00
db:	VULHUB	id:	VHN-434516	date:	2022-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2022-002435	date:	2022-09-29T00:00:00
db:	CNNVD	id:	CNNVD-202209-2416	date:	2022-09-23T00:00:00
db:	NVD	id:	CVE-2022-38742	date:	2022-09-23T16:15:11.570