PT-2023-3018 · Rockwell Automation · Rockwell Automation Thinmanager

Published

2023-05-11

Updated

2023-05-20

CVE-2023-2443

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Rockwell Automation ThinManager (affected versions not specified)

Description The issue is related to the use of medium strength ciphers in the Rockwell Automation ThinManager product. If a client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API. This is due to insufficient encryption strength, which could allow a remote attacker to compromise the target system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326

Related Identifiers

BDU:2023-03082

CVE-2023-2443

Affected Products

Rockwell Automation Thinmanager

PT-2023-3018 · Rockwell Automation · Rockwell Automation Thinmanager

CVE-2023-2443

Weakness Enumeration

Related Identifiers

Affected Products

References · 8