8.5
CVE-2025-3618
- EPSS 0.07%
- Veröffentlicht 15.04.2025 17:19:53
- Zuletzt bearbeitet 14.07.2025 19:17:04
- Quelle PSIRT@rockwellautomation.com
- CVE-Watchlists
- Unerledigt
Local Privilege Escalation Vulnerability
A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rockwellautomation ≫ Thinmanager Version < 11.2.11
Rockwellautomation ≫ Thinmanager Version >= 12.0.0 < 12.0.9
Rockwellautomation ≫ Thinmanager Version >= 12.1.0 < 12.1.10
Rockwellautomation ≫ Thinmanager Version >= 13.0.0 < 13.0.7
Rockwellautomation ≫ Thinmanager Version >= 13.1.0 < 13.1.5
Rockwellautomation ≫ Thinmanager Version >= 13.2.0 < 13.2.4
Rockwellautomation ≫ Thinmanager Version >= 14.0.0 < 14.0.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.22 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| PSIRT@rockwellautomation.com | 8.5 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.