Description
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- Rockwell Automation / ThinManager® ThinServer™11.0.0 - 11.2.6 – 11.0.0 - 11.2.6
- Rockwell Automation / ThinManager® ThinServer™11.1.0 - 11.1.6 – 11.1.0 - 11.1.6
- Rockwell Automation / ThinManager® ThinServer™11.2.0 - 11.2.7 – 11.2.0 - 11.2.7
- Rockwell Automation / ThinManager® ThinServer™12.0.0 - 12.0.5 – 12.0.0 - 12.0.5
- Rockwell Automation / ThinManager® ThinServer™12.1.0 - 12.1.6 – 12.1.0 - 12.1.6
- Rockwell Automation / ThinManager® ThinServer™13.0.0 - 13.0.2 – 13.0.0 - 13.0.2
- Rockwell Automation / ThinManager® ThinServer™13.1.0 – 13.1.0