OTPulse

Rockwell ThinManager SSRF Vulnerability

Monitor · 7.2 · SD1743 · Sep 9, 2025
Summary

Rockwell ThinManager contains a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to make requests on behalf of the ThinManager server to internal network resources. The vulnerability affects all versions of ThinManager and impacts the ability to control access to internal systems and data.

What this means
What could happen
An attacker could use ThinManager to make unauthorized requests to internal systems on your network, potentially accessing sensitive data, internal monitoring systems, or other connected infrastructure without needing direct network access to those systems.
Who's at risk
Organizations operating Rockwell ThinManager for thin client terminal management and remote access should be concerned. This affects any facility using ThinManager for operator station management, HMI access, or remote monitoring across manufacturing, water treatment, utility operations, or any industrial environment where ThinManager provides terminal services.
How it could be exploited
An attacker exploits the SSRF vulnerability by crafting a malicious request to ThinManager that causes it to make an outbound request to an internal system (such as a local database, API, or monitoring service). The request originates from ThinManager's network context, bypassing network access controls that would normally block external access to those internal systems.
Prerequisites
  • Network access to ThinManager on the affected port or service
  • Ability to craft a malicious request targeting internal resources accessible from the ThinManager host
Tags: remotely exploitable · no patch available · can access internal network resources
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product                          Affected Versions   Fix Status
ThinManager SSRF Vulnerability   All versions        No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Implement network segmentation to restrict ThinManager's outbound network access to only the internal systems and services it requires
  • WORKAROUND: Deploy a Web Application Firewall (WAF) or proxy in front of ThinManager to validate and filter requests before they are processed
  • WORKAROUND: Monitor ThinManager logs for suspicious outbound requests to internal systems and unusual connection patterns
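The two workarounds above, a request filter in front of ThinManager and monitoring of its outbound requests, share one core check: is the destination of an outbound request somewhere ThinManager is actually allowed to reach? The example below is added here to illustrate that check; it is not OTPulse or Rockwell code and does not reflect how ThinManager itself handles requests. It assumes a hypothetical allowlist of hosts ThinManager legitimately contacts, a constructed outbound-request log format (`key=value` fields), and that anything not on the allowlist, and in particular any literal address in private, loopback or link-local space, is to be blocked by the proxy and flagged by the monitor.

```python
import re
import ipaddress
from collections import Counter
from urllib.parse import urlparse

# Hypothetical allowlist (assumption): hosts ThinManager legitimately needs to reach.
# Default-deny on hostnames is the primary control; the address-space check below
# is the secondary signal that makes log review useful even without a full allowlist.
ALLOWED_HOSTS = {"updates.example.internal", "terminal-fw.example.internal"}
ALLOWED_SCHEMES = {"http", "https"}

# Constructed log format (assumption): one outbound request per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) method=(?P<method>\S+) "
    r"url=(?P<url>\S+) status=(?P<status>\d+)$"
)


def is_internal_address(host: str) -> bool:
    """True if host is a literal IP inside private, loopback, link-local,
    multicast, unspecified or otherwise reserved address space."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))  # tolerate bracketed IPv6
    except ValueError:
        return False  # a hostname, not a literal IP
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_unspecified or ip.is_reserved)


def classify_url(url: str):
    """Decide whether an outbound destination is acceptable.
    Returns (verdict, reason) with verdict in {"allow", "block"}."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return ("block", f"scheme {parsed.scheme!r} not permitted")
    host = parsed.hostname  # already lowercased, brackets stripped for IPv6
    if not host:
        return ("block", "no host in URL")
    if host in ALLOWED_HOSTS:
        return ("allow", "host on allowlist")
    if is_internal_address(host):
        return ("block", f"destination {host} is in internal/reserved address space")
    return ("block", f"host {host} not on allowlist")


def parse_log_line(line: str):
    """Parse one constructed log line into a dict, or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_suspicious(lines):
    """Run the destination check over log lines; return the requests a proxy
    would have blocked, each with the reason, for analyst review."""
    findings = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not treated as alerts
        verdict, reason = classify_url(rec["url"])
        if verdict == "block":
            findings.append({"ts": rec["ts"], "src": rec["src"],
                             "url": rec["url"], "reason": reason})
    return findings


def blocked_per_source(lines) -> Counter:
    """Count blocked requests per requesting client: a single source producing
    many blocked destinations is the 'unusual connection pattern' worth triage."""
    return Counter(f["src"] for f in find_suspicious(lines))


# Constructed sample log (assumption): one legitimate request, three that
# a filtering proxy would refuse, all three from the same client.
SAMPLE_LOG = [
    "2025-09-09T10:12:01Z src=10.20.30.5 method=GET url=https://updates.example.internal/manifest.json status=200",
    "2025-09-09T10:12:05Z src=203.0.113.44 method=GET url=http://127.0.0.1:8080/status status=200",
    "2025-09-09T10:12:09Z src=203.0.113.44 method=GET url=http://10.0.0.12:8080/ status=403",
    "2025-09-09T10:12:14Z src=203.0.113.44 method=GET url=ftp://10.0.0.5/ status=500",
]

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']} -> {f['url']}: {f['reason']}")
    print(dict(blocked_per_source(SAMPLE_LOG)))
```

Two design points matter when turning this into a real proxy rule rather than a log review. First, the allowlist is the control and the address-space check is only a backstop: an attacker-controlled hostname can resolve to an internal address, so a filtering proxy should resolve the name itself and connect only to the resolved address it has checked, rather than trusting the literal in the URL. Second, the log check above is deliberately permissive about what it skips (malformed lines are ignored), so in production pair it with a count of unparseable lines so that a logging change does not silently blind the monitor.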
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Restrict ThinManager's ability to reach internal services by implementing egress filtering rules on the network boundary
API: /api/v1/advisories/a6d5a6e1-d4e4-49b9-900b-d4b946441bae