CVE-2023-2914— Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerabilitiy
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-2914
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerabilitiy
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rockwell Automation ThinManager 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rockwell Automation ThinManager是美国罗克韦尔(Rockwell Automation)公司的一款瘦客户端管理软件。允许将瘦客户端同时分配给多个远程桌面服务器。 Rockwell Automation Thinmanager Thinserver存在安全漏洞,该漏洞源于存在整数溢出漏洞。攻击者可利用该漏洞通过发送同步协议消息来导致系统拒绝服务(DoS)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer | 11.0.0 - 11.2.6 | - |
II. Public POCs for CVE-2023-2914
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-2914
请登录查看更多情报信息。
Same Patch Batch · Rockwell Automation · 2023-08-17 · 3 CVEs total
| CVE-2023-2917 | 9.8 CRITICAL | Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnera |
| CVE-2023-2915 | 7.5 HIGH | Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnera |
IV. Related Vulnerabilities
Same product: ThinManager ThinServer
- CVE-2023-2917
Rockwell Automation ThinManager Thinserver Software Vulnerab - CVE-2023-2915
Rockwell Automation ThinManager Thinserver Software Vulnerab - CVE-2023-2913
Rockwell Automation ThinManager ThinServer Path Traversal Vu - CVE-2023-27857
Rockwell Automation ThinManager ThinServer Heap-Based Buffer - CVE-2023-27856
Rockwell Automation ThinManager ThinServer Path Traversal Do
Same vendor: Rockwell Automation
- CVE-2025-9283
ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities - CVE-2025-9282
ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities - CVE-2025-9281
ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities - CVE-2025-9280
ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities - CVE-2025-14027
Rockwell Automation Recommends Upgrading From 1756-RM2 XT To
Same weakness: CWE-20
V. Comments for CVE-2023-2914
No comments yet