Rockwell Automation ThinManager ThinServer Heap-Based Buffer Overflow
CVE-2023-27857

7.5HIGH

Key Information:

Vendor: Rockwell Automation
Status: Thinmanager Thinserver
Vendor: CVE Published:; 22 March 2023

Summary

In specific versions of Rockwell Automation's ThinManager ThinServer, a heap-based buffer over-read issue allows an unauthenticated remote attacker to exploit the vulnerability, leading to a potential denial of service through a crash of the ThinServer.exe due to a read access violation. This can result in service interruptions, impacting operational continuity.

Affected Version(s)

ThinManager ThinServer 6.x - 10.x

ThinManager ThinServer 11.0.0 - 11.0.5

ThinManager ThinServer 11.1.0 - 11.1.5

References

https://rockwellautomation.custhelp.com/app/answers/answe...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 22, 2023
Vulnerability Reserved
Mar 6, 2023

Credit

Security researchers from Tenable reported this to Rockwell Automation.