PT-2023-3018 · Rockwell Automation · Rockwell Automation Thinmanager

Publicado

2023-05-11

Atualizado

2023-05-20

CVE-2023-2443

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Rockwell Automation ThinManager (affected versions not specified)

Description The issue is related to the use of medium strength ciphers in the Rockwell Automation ThinManager product. If a client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API. This is due to insufficient encryption strength, which could allow a remote attacker to compromise the target system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Inadequate Encryption Strength

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-326

Identificadores relacionados

BDU:2023-03082

CVE-2023-2443

Produtos afetados

Rockwell Automation Thinmanager

PT-2023-3018 · Rockwell Automation · Rockwell Automation Thinmanager

CVE-2023-2443

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8