Rockwell Automation ThinManager Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Rockwell Automation ThinManager software versions 13.0 through 14.0. This vulnerability arises from inadequate input sanitization, allowing authenticated attackers to exploit it by specifying external SMB paths. Such exploitation can expose the NTLM hash of the ThinServer service account.

Impact

Exploitation of this vulnerability allows authenticated attackers to perform server-side request forgery, potentially leading to unauthorized access to internal services or resources. In this case, it specifically allows exposure of the ThinServer service account's NTLM hash, which could be used in further attacks, such as NTLM relay or pass-the-hash attacks.

Remediation

Users can upgrade to ThinManager version 14.1 to address this vulnerability. For those unable to upgrade, Rockwell Automation recommends following their security best practices and consulting a Microsoft article on blocking NTLM connections over SMB in Windows Server 2025.
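The "inadequate input sanitization" above is the root cause, so the defensive check a developer would add is a path validator that refuses any UNC or smb:// path whose host is not explicitly allow-listed. The following is an added illustration, not ThinManager's code: the allowlist and host names are constructed, and the exact path syntax ThinManager accepts is an assumption.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample allowlist of file servers the ThinServer service account
# may contact; in a real deployment this comes from configuration, never from
# the request itself.
ALLOWED_HOSTS = {"fileserver01.example.local", "10.0.5.20"}

# UNC forms to recognise: \\host\share, //host/share, \\?\UNC\host\share,
# and a bare \\host. Forward and back slashes are both accepted because
# Windows treats them interchangeably in UNC paths.
_UNC = re.compile(
    r"^[\\/]{2}(?:\?[\\/]UNC[\\/])?(?P<host>[^\\/]+)(?:[\\/]|$)",
    re.IGNORECASE,
)


def extract_smb_host(path: str) -> Optional[str]:
    """Return the remote host a path would make the server connect to.

    Returns None for local paths (no outbound SMB connection is implied).
    """
    lowered = path.strip().lower()
    if lowered.startswith(("smb://", "cifs://")):
        # urlsplit strips any user@ prefix and :port for us.
        return urlsplit(path.strip()).hostname
    match = _UNC.match(path.strip())
    if not match:
        return None
    # Drop WebDAV-style suffixes such as host@SSL@443.
    return match.group("host").split("@")[0]


def is_path_allowed(path: str) -> bool:
    """Fail closed: only local paths or allow-listed SMB hosts pass."""
    host = extract_smb_host(path)
    if host is None:
        return True
    # Normalise: lowercase and strip a trailing dot so "HOST." cannot bypass.
    return host.lower().rstrip(".") in ALLOWED_HOSTS
```

Any path that would make the service authenticate to a non-allow-listed host is rejected before a connection, and therefore before an NTLM exchange, can occur.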

Added: Sep 9, 2025, 1:19 PM
Updated: Sep 9, 2025, 4:51 PM

Vulnerability Rating

Custom Algorithm scores (each category on a 0-10 scale as presented on the page):
spread: 2.6
impact: 2.5
exploitability: 4.9
remediation: 7.9
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.