You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
thinserver
About this tag
The thinserver tag on WindowsForum.com covers discussions about ThinManager and ThinServer, focusing on security vulnerabilities and best practices. A recent thread highlights CVE-2025-9065, a high-severity Server-Side Request Forgery (SSRF) flaw in Rockwell Automation's ThinManager that can expose ThinServer service account NTLM credentials. The vulnerability affects ThinManager 13.x and 14.0, with a CVSS v4 score of 8.6, and is exploitable with low complexity given authenticated access. Rockwell released a patch in ThinManager v14.1, and the thread discusses layered mitigations including SMB/NTLM hardening for OT environments. The tag is relevant for IT and OT security professionals managing industrial control systems.
Rockwell Automation’s ThinManager has been flagged for a high-severity Server-Side Request Forgery (SSRF) flaw that can expose an industrial control system’s ThinServer service account NTLM credentials, according to a federal advisory reissued on September 9, 2025. The vulnerability—tracked...