CVE-2023-27857


In affected versions of Rockwell Automation's ThinManager ThinServer, a heap-based buffer over-read occurs when the message field indicates more data than is present in the message field. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.


Published

2023-03-22T02:15:48.953

Last Modified

2024-11-21T07:53:35.273

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-125
  • Type: Primary
    CWE-125

Affected Vendors & Products
Type         Vendor              Product      Version/Range  Vulnerable?
Application  rockwellautomation  thinmanager  < 11.0.5       Yes
Application  rockwellautomation  thinmanager  < 11.1.5       Yes
Application  rockwellautomation  thinmanager  < 11.2.6       Yes
Application  rockwellautomation  thinmanager  < 12.0.3       Yes
Application  rockwellautomation  thinmanager  < 12.1.4       Yes
Application  rockwellautomation  thinmanager  13.0.0         Yes

References