Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerabilitiy
CVE-2023-2914

7.5HIGH

Key Information:

Vendor: Rockwell Automation
Status: Thinmanager Thinserver
Vendor: CVE Published:; 17 August 2023

🔔 Create Rockwell Automation Vulnerability Alert

What is CVE-2023-2914?

The Rockwell Automation ThinManager Thinserver is susceptible to improper input validation due to an integer overflow vulnerability. When the ThinManager processes specific incoming messages, it may trigger a read access violation, resulting in an unexpected termination of the process. This allows a malicious actor to exploit the vulnerability by crafting a synchronization protocol message, potentially leading to a denial of service condition. Organizations using ThinManager should apply the latest updates to mitigate this risk.

Affected Version(s)

ThinManager ThinServer 11.0.0 - 11.2.6

ThinManager ThinServer 11.1.0 - 11.1.6

ThinManager ThinServer 11.2.0 - 11.2.7

References

https://rockwellautomation.custhelp.com/app/answers/answe...

EPSS Score

28% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 17, 2023
Vulnerability Reserved
May 26, 2023

Credit

This vulnerability was reported to Rockwell Automation by Tenable Network Security.