CVE-2023-27857

HIGH

Rockwell Automation ThinManager 11.0.0-11.0.4 - Unauthenticated Denial of Service via Heap-Based Buffer Over-Read


Description

In affected versions of Rockwell Automation's ThinManager ThinServer, a heap-based buffer over-read occurs when the message field indicates more data than is actually present in the message field. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe through a read access violation.


Scores

CVSS v3: 7.5
EPSS: 0.1834
EPSS Percentile: 96.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-125
Status: published
Products (2):
rockwellautomation/thinmanager 13.0.0
rockwellautomation/thinmanager 11.0.0 - 11.0.5
Published: Mar 22, 2023
Tracked Since: Feb 18, 2026