Denial-of-Service Vulnerability in Rockwell Automation ThinManager
CVE-2025-3618

8.5HIGH

Key Information:

Vendor: Rockwell Automation
Status: Thinmanager
Vendor: CVE Published:; 15 April 2025

Summary

A denial-of-service vulnerability exists in Rockwell Automation's ThinManager software due to inadequate verification of memory allocation outcomes while processing Type 18 messages. This flaw could allow a threat actor to disrupt services, leading to a potential halt in operations. Organizations using ThinManager should implement recommended security measures to protect against exploitation.

Affected Version(s)

ThinManager v14.0.1 and earlier

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Apr 14, 2025