CVE-2025-3618

A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1727.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::
	cpe:2.3:a:rockwellautomation:thinmanager::::::::

History

14 Jul 2025, 19:17

Type	Values Removed	Values Added
CPE		cpe:2.3:a:rockwellautomation:thinmanager::::::::
First Time		Rockwellautomation thinmanager Rockwellautomation
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1727.html -~~	() https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1727.html - Vendor Advisory

17 Apr 2025, 18:15

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de denegación de servicio en Rockwell Automation ThinManager. El software no verifica adecuadamente el resultado de la asignación de memoria al procesar mensajes de tipo 18. Si se explota, un atacante podría provocar una denegación de servicio en el software objetivo.
CWE		CWE-119

15 Apr 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-15 18:15

Updated : 2025-07-14 19:17

NVD link : CVE-2025-3618

Mitre link : CVE-2025-3618

CVE.ORG link : CVE-2025-3618

JSON object : View

Products Affected

rockwellautomation

thinmanager

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2025-3618", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-15T18:15:53.767", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1727.html", "tags": ["Vendor Advisory"], "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en Rockwell Automation ThinManager. El software no verifica adecuadamente el resultado de la asignaci\u00f3n de memoria al procesar mensajes de tipo 18. Si se explota, un atacante podr\u00eda provocar una denegaci\u00f3n de servicio en el software objetivo."}], "lastModified": "2025-07-14T19:17:04.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B3C2FCE-D93F-4EB6-A376-7F45D990CEC7", "versionEndExcluding": "11.2.11"}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15BB8CC2-E068-4DE0-AFED-18A347780A6D", "versionEndExcluding": "12.0.9", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A02BD87-497D-41A4-A43E-A2C57A4EB1B7", "versionEndExcluding": "12.1.10", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "854BB218-0C31-4B15-B985-667CFB4327C6", "versionEndExcluding": "13.0.7", "versionStartIncluding": "13.0.0"}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16640933-7F09-4191-99CB-5B98414C12E7", "versionEndExcluding": "13.1.5", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55443917-D3EF-4BF2-A835-5315590E3190", "versionEndExcluding": "13.2.4", "versionStartIncluding": "13.2.0"}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFAAF709-3C91-408C-A368-EB2EA0E6B5FA", "versionEndExcluding": "14.0.2", "versionStartIncluding": "14.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT@rockwellautomation.com"}