Lucene search
HistoryMay 11, 2023 - 7:15 p.m.
CVE-2023-2443
cve-2023-2443
rockwell automation
medium strength ciphers
client-server traffic
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
35.1%
Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.
Affected configurations
Node
rockwellautomationthinmanagerRange≤13.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rockwellautomation | thinmanager | * | cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2023-05-11 19:15:00
cnvd
cnvd
Rockwell Automation ThinManager Encryption Issue Vulnerability
2023-05-17 00:00:00
ics
ics
Rockwell Automation ThinManager
2023-05-11 12:00:00
cvelist
cvelist
CVE-2023-2443
2023-05-11 18:08:08
cve
cve
CVE-2023-2443
2023-05-11 19:15:09
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
35.1%
Related for NVD:CVE-2023-2443