ID

VAR-202209-1831


CVE

CVE-2022-38742


TITLE

Rockwell Automation  Made  ThinManager ThinServer  Heap-based buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002435

DESCRIPTION

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution. Rockwell Automation Provided by the company ThinManager ThinServer is a thin client and RDP (( Remote Desktop Protocol ) server management software. ThinManager ThinServer The following vulnerabilities exist in. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of HTTPS traffic. When parsing a URI, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web service

Trust: 2.34

sources: NVD: CVE-2022-38742 // JVNDB: JVNDB-2022-002435 // ZDI: ZDI-22-1302 // VULHUB: VHN-434516

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:thinmanagerscope:lteversion:13.0.0

Trust: 1.0

vendor:rockwellautomationmodel:thinmanagerscope:gteversion:11.0.0

Trust: 1.0

vendor:rockwell automationmodel:thinmanager thinserverscope:eqversion:13.0.0

Trust: 0.8

vendor:rockwell automationmodel:thinmanager thinserverscope:eqversion:11.2.0 to 11.2.5 to

Trust: 0.8

vendor:rockwell automationmodel:thinmanager thinserverscope:eqversion:12.0.0 to 12.0.2 to

Trust: 0.8

vendor:rockwell automationmodel:thinmanager thinserverscope:eqversion:11.1.0 to 11.1.4 to

Trust: 0.8

vendor:rockwell automationmodel:thinmanager thinserverscope:eqversion:12.1.0 to 12.1.3 to

Trust: 0.8

vendor:rockwell automationmodel:thinmanager thinserverscope:eqversion:11.0.0 to 11.0.4 to

Trust: 0.8

vendor:rockwell automationmodel:thinmanager thinserverscope:eqversion: -

Trust: 0.8

vendor:rockwell automationmodel:thinmanagerscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-22-1302 // JVNDB: JVNDB-2022-002435 // NVD: CVE-2022-38742

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-38742
value: CRITICAL

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2022-38742
value: HIGH

Trust: 1.0

NVD: CVE-2022-38742
value: CRITICAL

Trust: 0.8

ZDI: CVE-2022-38742
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202209-2416
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-38742
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2022-38742
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-38742
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2022-38742
baseSeverity: HIGH
baseScore: 8.1
vectorString: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-22-1302 // JVNDB: JVNDB-2022-002435 // CNNVD: CNNVD-202209-2416 // NVD: CVE-2022-38742 // NVD: CVE-2022-38742

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-122

Trust: 1.0

problemtype:Heap-based buffer overflow (CWE-122) [ others ]

Trust: 0.8

sources: VULHUB: VHN-434516 // JVNDB: JVNDB-2022-002435 // NVD: CVE-2022-38742

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-2416

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202209-2416

PATCH

title:File Parsing XML Entity in Multiple Products (Login required) Rockwell Automationurl:https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1134596

Trust: 0.8

title:Rockwell Automation has issued an update to correct this vulnerability.url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-270-03

Trust: 0.7

title:Rockwell Automation ThinManager Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=209163

Trust: 0.6

sources: ZDI: ZDI-22-1302 // JVNDB: JVNDB-2022-002435 // CNNVD: CNNVD-202209-2416

EXTERNAL IDS

db:NVDid:CVE-2022-38742

Trust: 4.0

db:ICS CERTid:ICSA-22-270-03

Trust: 1.4

db:JVNid:JVNVU93951878

Trust: 0.8

db:JVNDBid:JVNDB-2022-002435

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-17482

Trust: 0.7

db:ZDIid:ZDI-22-1302

Trust: 0.7

db:CNNVDid:CNNVD-202209-2416

Trust: 0.6

db:VULHUBid:VHN-434516

Trust: 0.1

sources: ZDI: ZDI-22-1302 // VULHUB: VHN-434516 // JVNDB: JVNDB-2022-002435 // CNNVD: CNNVD-202209-2416 // NVD: CVE-2022-38742

REFERENCES

url:https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847

Trust: 1.7

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-270-03

Trust: 1.5

url:http://jvn.jp/vu/jvnvu93951878/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-38742

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-270-03

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-38742/

Trust: 0.6

sources: ZDI: ZDI-22-1302 // VULHUB: VHN-434516 // JVNDB: JVNDB-2022-002435 // CNNVD: CNNVD-202209-2416 // NVD: CVE-2022-38742

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-22-1302

SOURCES

db:ZDIid:ZDI-22-1302
db:VULHUBid:VHN-434516
db:JVNDBid:JVNDB-2022-002435
db:CNNVDid:CNNVD-202209-2416
db:NVDid:CVE-2022-38742

LAST UPDATE DATE

2024-08-14T15:11:15.503000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-22-1302date:2022-09-28T00:00:00
db:VULHUBid:VHN-434516date:2022-09-26T00:00:00
db:JVNDBid:JVNDB-2022-002435date:2024-06-13T02:16:00
db:CNNVDid:CNNVD-202209-2416date:2022-09-28T00:00:00
db:NVDid:CVE-2022-38742date:2022-09-26T22:20:15.477

SOURCES RELEASE DATE

db:ZDIid:ZDI-22-1302date:2022-09-28T00:00:00
db:VULHUBid:VHN-434516date:2022-09-23T00:00:00
db:JVNDBid:JVNDB-2022-002435date:2022-09-29T00:00:00
db:CNNVDid:CNNVD-202209-2416date:2022-09-23T00:00:00
db:NVDid:CVE-2022-38742date:2022-09-23T16:15:11.570