8.5
CVE-2025-3618
- EPSS 0.02%
- Veröffentlicht 15.04.2025 17:19:53
- Zuletzt bearbeitet 14.07.2025 19:17:04
- Quelle PSIRT@rockwellautomation.com
- CVE-Watchlists
- Unerledigt
A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Rockwellautomation ≫ Thinmanager Version < 11.2.11
Rockwellautomation ≫ Thinmanager Version >= 12.0.0 < 12.0.9
Rockwellautomation ≫ Thinmanager Version >= 12.1.0 < 12.1.10
Rockwellautomation ≫ Thinmanager Version >= 13.0.0 < 13.0.7
Rockwellautomation ≫ Thinmanager Version >= 13.1.0 < 13.1.5
Rockwellautomation ≫ Thinmanager Version >= 13.2.0 < 13.2.4
Rockwellautomation ≫ Thinmanager Version >= 14.0.0 < 14.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.037 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| PSIRT@rockwellautomation.com | 8.5 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.