Factorytalk Thinmanager
Monthly
Arbitrary file write in Rockwell Automation FactoryTalk ThinManager allows an authenticated attacker to abuse a path traversal flaw in the software's API, saving files outside the application's intended directory into restricted system locations. Because CWE-22 file-write primitives on a Windows-based OT management server commonly enable code execution or service disruption, this carries an integrity and availability impact (CVSS 4.0 base 7.2). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Arbitrary file write in Rockwell Automation FactoryTalk ThinManager allows an authenticated attacker to abuse a path traversal flaw in the software's API, saving files outside the application's intended directory into restricted system locations. Because CWE-22 file-write primitives on a Windows-based OT management server commonly enable code execution or service disruption, this carries an integrity and availability impact (CVSS 4.0 base 7.2). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.