CVE-2023-27857

In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer.  An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*

History

25 Oct 2023, 18:17

Type Values Removed Values Added
Summary In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation. In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer.  An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.

29 Mar 2023, 13:14

Type Values Removed Values Added
CPE cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*
CWE CWE-125
First Time Rockwellautomation thinmanager
Rockwellautomation
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References (MISC) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640 - (MISC) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640 - Vendor Advisory

22 Mar 2023, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-22 02:15

Updated : 2024-01-09 02:31


NVD link : CVE-2023-27857

Mitre link : CVE-2023-27857

CVE.ORG link : CVE-2023-27857


JSON object : View

Products Affected

rockwellautomation

  • thinmanager
CWE
CWE-125

Out-of-bounds Read