Description
In affected versions of Rockwell Automation's ThinManager ThinServer, a heap-based buffer over-read occurs when a message field indicates more data than is actually present in that field. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe through a read access violation.
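The class of check that prevents this kind of over-read, as an added example (not vendor code): a parser that validates a declared length against the bytes actually received before copying. The wire format, function names and sample messages are assumptions constructed for illustration and do not describe ThinServer's protocol.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format (assumed for this example, not ThinServer's):
 *   1-byte type | 4-byte big-endian declared length | payload */
#define HDR_LEN   5u
#define MAX_FIELD 4096u

enum { PARSE_OK = 0, ERR_SHORT_HEADER = -1, ERR_LEN_EXCEEDS_DATA = -2, ERR_TOO_LARGE = -3 };

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Copy the field payload into out only after the declared length has been
 * checked against the bytes actually received and against the destination. */
int parse_field(const uint8_t *msg, size_t msg_len,
                uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (msg_len < HDR_LEN)
        return ERR_SHORT_HEADER;
    uint32_t declared = read_be32(msg + 1);
    /* Subtract rather than add: HDR_LEN + declared could wrap, while
     * msg_len - HDR_LEN cannot because msg_len >= HDR_LEN here. */
    if (declared > msg_len - HDR_LEN)
        return ERR_LEN_EXCEEDS_DATA;   /* would read past the received bytes */
    if (declared > MAX_FIELD || declared > out_cap)
        return ERR_TOO_LARGE;
    memcpy(out, msg + HDR_LEN, declared);
    *out_len = declared;
    return PARSE_OK;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t MSG_GOOD[]  = { 0x01, 0, 0, 0, 4, 'p', 'i', 'n', 'g' };
static const uint8_t MSG_LYING[] = { 0x01, 0, 0, 0x10, 0, 'p', 'i', 'n', 'g' }; /* claims 4096 */

int main(void)
{
    uint8_t buf[MAX_FIELD];
    size_t n = 0;
    printf("good:  %d\n", parse_field(MSG_GOOD, sizeof MSG_GOOD, buf, sizeof buf, &n));
    printf("lying: %d\n", parse_field(MSG_LYING, sizeof MSG_LYING, buf, sizeof buf, &n));
    return 0;
}
```

Rejecting the message at the length check turns a potential read access violation into an ordinary parse error that the server can log and drop.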
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: High
Affected products
- Rockwell Automation / ThinManager® ThinServer™ 6.x - 10.x
- Rockwell Automation / ThinManager® ThinServer™ 11.0.0 - 11.0.5
- Rockwell Automation / ThinManager® ThinServer™ 11.1.0 - 11.1.5
- Rockwell Automation / ThinManager® ThinServer™ 11.2.0 - 11.2.6
- Rockwell Automation / ThinManager® ThinServer™ 12.0.0 - 12.0.4
- Rockwell Automation / ThinManager® ThinServer™ 12.1.0 - 12.1.5
- Rockwell Automation / ThinManager® ThinServer™ 13.0.0 - 13.0.1