Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerabilitiy
CVE-2023-2914

7.5HIGH

Key Information:

Vendor: Rockwell Automation
Status: Thinmanager Thinserver
Vendor: CVE Published:; 17 August 2023

Summary

The Rockwell Automation ThinManager Thinserver is susceptible to improper input validation due to an integer overflow vulnerability. When the ThinManager processes specific incoming messages, it may trigger a read access violation, resulting in an unexpected termination of the process. This allows a malicious actor to exploit the vulnerability by crafting a synchronization protocol message, potentially leading to a denial of service condition. Organizations using ThinManager should apply the latest updates to mitigate this risk.

Affected Version(s)

ThinManager ThinServer 11.0.0 - 11.2.6

ThinManager ThinServer 11.1.0 - 11.1.6

ThinManager ThinServer 11.2.0 - 11.2.7

References

https://rockwellautomation.custhelp.com/app/answers/answe...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 17, 2023
Vulnerability Reserved
May 26, 2023

Credit

This vulnerability was reported to Rockwell Automation by Tenable Network Security.