CVE-2023-27856

HIGH

ThinManager Path Traversal (CVE-2023-27856) Arbitrary File Download

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-27856. PoCs published by Michael Heinzl, Tenable, including Metasploit module auxiliary/gather/thinmanager_traversal_download.

AI-analyzed exploit summary: This Metasploit module exploits a path traversal vulnerability (CVE-2023-27856) in ThinManager <= v13.0.1 to retrieve arbitrary files from the system. It sends a crafted request to the service listening on TCP port 2031 to read files by traversing directories.

Description

In affected versions, a path traversal exists in the handling of message type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files from the disk drive on which ThinServer.exe is installed.

Exploits (1)

metasploit · Working PoC
by Michael Heinzl, Tenable · Ruby PoC
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/thinmanager_traversal_download.rb


Classification
Working PoC (100%)
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ThinManager <= v13.0.1
No auth needed
Prerequisites: Network access to TCP port 2031
Analyzed by devstral-2 on Feb 16, 2026

References (1)

Core References (1)

Scores

CVSS v3 7.5
EPSS 0.7613
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (3)
rockwellautomation/thinmanager 13.0.0
rockwellautomation/thinmanager 13.0.1
rockwellautomation/thinmanager 6.0.0 - 10.0.2
Published Mar 22, 2023
Tracked Since Feb 18, 2026