TCP: Rockwell Automation ThinManager ThinServer Integer Overflow
This signature detects attempts to exploit a known vulnerability against Rockwell Automation ThinManager ThinServer. A successful attack can result in a denial-of-service condition.
Extended Description
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software.
Affected Products
Rockwellautomation thinmanager_thinserver
References
CVE: CVE-2023-2914
Short Name
TCP:C2S:RCKWL-INT-OVFLW-DOS
Severity
Major
Recommended
False
Recommended Action
None
Category
TCP
Keywords
Automation CVE-2023-2914 Integer Overflow Rockwell ThinManager ThinServer
Release Date
09/07/2023
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3631
Port
TCP/2031
False Positive
Rarely
Vendors
Rockwellautomation