CVE-2023-27857
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field
in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer | 6.x - 10.x | affected |
| Rockwell Automation | ThinManager ThinServer | 11.0.0 - 11.0.5 | affected |
| Rockwell Automation | ThinManager ThinServer | 11.1.0 - 11.1.5 | affected |
| Rockwell Automation | ThinManager ThinServer | 11.2.0 - 11.2.6 | affected |
| Rockwell Automation | ThinManager ThinServer | 12.0.0 - 12.0.4 | affected |
| Rockwell Automation | ThinManager ThinServer | 12.1.0 - 12.1.5 | affected |
| Rockwell Automation | ThinManager ThinServer | 13.0.0 - 13.0.1 | affected |
Weaknesses
- CWE-125: CWE-125 Out-of-bounds Read
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.