CVE-2023-27857

HIGH

Rockwell Automation ThinManager < 11.0.5 - Out-of-Bounds Read

Description

In affected versions of Rockwell Automation's ThinManager ThinServer, a heap-based buffer over-read occurs when the message field indicates more data than is actually present in the message field. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe through a read access violation.

Scores

CVSS v3 7.5
EPSS 0.1737
EPSS Percentile 95.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-125
Status published
Products (2)
rockwellautomation/thinmanager 13.0.0
rockwellautomation/thinmanager 11.0.0 - 11.0.5
Published Mar 22, 2023
Tracked Since Feb 18, 2026