CVE-2023-2917

CRITICAL

ThinManager Path Traversal (CVE-2023-2917) Arbitrary File Upload

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-2917. PoCs published by Michael Heinzl, Tenable, including Metasploit module auxiliary/admin/networking/thinmanager_traversal_upload2.

AI-analyzed exploit summary This Metasploit module exploits CVE-2023-2917, a path traversal vulnerability in ThinManager <= v13.1.0, to upload arbitrary files to the target system. It leverages a custom protocol on TCP port 2031 to achieve file upload with SYSTEM privileges.

Description

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.

Exploits (1)

metasploit WORKING POC

by Michael Heinzl, Tenable · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/networking/thinmanager_traversal_upload2.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2023-2917, a path traversal vulnerability in ThinManager <= v13.1.0, to upload arbitrary files to the target system. It leverages a custom protocol on TCP port 2031 to achieve file upload with SYSTEM privileges.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Rockwell Automation ThinManager <= v13.1.0

No auth needed

Prerequisites: Network access to TCP port 2031 · Local file to upload

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Permissions Required

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471

Scores

CVSS v3 9.8

EPSS 0.4069

EPSS Percentile 97.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-22 CWE-20

Status published

Products (2)

rockwellautomation/thinmanager_thinserver 13.1.0

rockwellautomation/thinmanager_thinserver 11.0.0 - 11.0.6

Published Aug 17, 2023

Tracked Since Feb 18, 2026