CVE-2023-2914
Published 2023-08-17
CVE-2023-2914: The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected…
Priority: P3 · 56 · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 27.01% (97.8th percentile)
The Rockwell Automation ThinManager ThinServer is impacted by an improper input validation vulnerability: an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | thinmanager_thinserver | — | — |
| rockwell_automation | thinmanager_thinserver | — | — |
| rockwell_automation | thinmanager_thinserver | — | — |
| rockwell_automation | thinmanager_thinserver | — | — |
| rockwell_automation | thinmanager_thinserver | — | — |
| rockwell_automation | thinmanager_thinserver | — | — |
| rockwell_automation | thinmanager_thinserver | — | — |
| rockwellautomation | thinmanager_thinserver | — | — |
| rockwellautomation | thinmanager_thinserver | 11.0.0 – 11.0.6 | — |
| rockwellautomation | thinmanager_thinserver | 11.1.0 – 11.1.6 | — |
| rockwellautomation | thinmanager_thinserver | 11.2.0 – 11.2.7 | — |
| rockwellautomation | thinmanager_thinserver | 12.0.0 – 12.0.5 | — |
| rockwellautomation | thinmanager_thinserver | 12.1.0 – 12.1.6 | — |
| rockwellautomation | thinmanager_thinserver | 13.0.0 – 13.0.2 | — |
CISA ICS
Rockwell Automation ThinManager ThinServer
cisa_ics·2023-08-22·CVSS 7.5
[HIGH] Rockwell Automation ThinManager ThinServer
ICS Advisory
## Rockwell Automation ThinManager ThinServer
Release Date: August 22, 2023
Alert Code: ICSA-23-234-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: ThinManager ThinServer
- Vulnerabilities: Improper Input Validation
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to remotely delete arbitrary files with system privileges.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Rockwell Automation reports this vulnerability affects the following versions of ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software:
- ThinManager ThinServer: Versions 11.0.0-11.0.6
- ThinManage
GHSA
GHSA-hc2h-534m-88fw: The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the
ghsa_unreviewed·2023-08-17
CVE-2023-2914 [HIGH] CWE-190 GHSA-hc2h-534m-88fw: The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the
No detection rules found.
No public exploits indexed.
Tenable
Rockwell Automation ThinManager ThinServer Multiple Vulnerabilities
blogs_tenable·2024-06-25
Tenable
Rockwell Automation ThinManager ThinServer Multiple Vulnerabilities
blogs_tenable·2023-08-17
Published: 2023-08-17