CVE-2023-2914
published 2023-08-17


Priority: P356
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 27.01% (97.8th percentile)

The Rockwell Automation ThinManager ThinServer is impacted by an improper input validation vulnerability: an integer overflow condition exists in the affected products. When ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message, causing a denial of service condition in the software.

Affected

14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | thinmanager_thinserver | | |
| rockwell_automation | thinmanager_thinserver | | |
| rockwell_automation | thinmanager_thinserver | | |
| rockwell_automation | thinmanager_thinserver | | |
| rockwell_automation | thinmanager_thinserver | | |
| rockwell_automation | thinmanager_thinserver | | |
| rockwell_automation | thinmanager_thinserver | | |
| rockwellautomation | thinmanager_thinserver | | |
| rockwellautomation | thinmanager_thinserver | 11.0.0 – 11.0.6 | |
| rockwellautomation | thinmanager_thinserver | 11.1.0 – 11.1.6 | |
| rockwellautomation | thinmanager_thinserver | 11.2.0 – 11.2.7 | |
| rockwellautomation | thinmanager_thinserver | 12.0.0 – 12.0.5 | |
| rockwellautomation | thinmanager_thinserver | 12.1.0 – 12.1.6 | |
| rockwellautomation | thinmanager_thinserver | 13.0.0 – 13.0.2 | |