CVE-2023-2443
Published: 2023-05-11. CVE-2023-2443: Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could…
Priority: P343 · Severity: high · CVSS 3.1 base score: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.67% (47.2nd percentile)
Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| craftcms | cms | >= 0 < 4.4.2 | 4.4.2 |
| rockwell_automation | thinmanager | — | — |
| rockwellautomation | thinmanager | <= 13.0 | — |
## CISA ICS Advisory: Rockwell Automation ThinManager
Source: cisa_ics · 2023-05-11 · CVSS 7.5 · [HIGH]
Release Date: May 11, 2023
Alert Code: ICSA-23-131-15
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: ThinManager
- Vulnerabilities: Inadequate Encryption Strength
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to decrypt traffic sent between the client and server application programming interface (API), resulting in unauthorized access to information.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of ThinManager, a software management platform, are affected:
- ThinManager: Versions 13.0 to 13.0.1
## 3.2 VULNERABILITY OVERVIEW
3.2.1 INADEQUATE ENCRYPTI
## GHSA-rf4w-vf8x-x7xx: Rockwell Automation ThinManager product allows the use of medium strength ciphers
Source: ghsa_unreviewed · 2023-07-06 · CVE-2023-2443 · [HIGH] · CWE-326
Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.
## GHSA: Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability
Source: ghsa · 2023-06-13 · CVE-2023-30179 · [HIGH] · CWE-94
## Withdrawn
This advisory has been withdrawn because the CVE has been disputed and the underlying vulnerability is likely invalid. This link is maintained to preserve external references.
[According to maintainers of Craft CMS](https://github.com/github/advisory-database/pull/2443#issuecomment-1610634200), only administrators can access Settings, and those administrators may have business needs for their permissions. Additionally, the underlying issue likely has little to no real-world security impact.
## Original Description
CraftCMS is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Sett
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-05-11