Loading

PN1625 | Inadequate Encryption Vulnerability in ThinManager®

Severity:
High
Advisory ID:
PN1625
公開日:
May 12, 2023
最終更新日:
September 09, 2025
Revision Number:
2.0
Known Exploited Vulnerability (KEV):
いいえ
Corrected:
いいえ
Workaround:
いいえ
CVE IDs
CVE-2023-2443
概要
Inadequate Encryption Vulnerability in ThinManager®

 

Revision Number
1.2
Revision History
Version 1.0 - May 11, 2023
Version 1.1 - May 12, 2023 – Updated First Known in Software Version
Version 1.2 - September 9, 2025 - Updated for readability

Affected Products

Affected Product First Known in Software Version Corrected in Software Version
ThinManager ® v13.0.0 and v13.0.1 v13.0.2

Security Issue Details

Rockwell Automation uses the latest version of the CVSS scoring system to assess the security issues.

CVE-2023-2443 IMPACT
The affected product allows use of medium strength ciphers.  If the client requests an insecure cipher, a threat actor could decrypt traffic sent between the client and server Application Programming Interface (API).

CVSS Base Score: 7.5/10
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: Inadequate Encryption Strength


Known Exploited Vulnerability (KEV) database: No

Customers can use Stakeholder-Specific Vulnerability Categorization to create more environment specific categories.

Risk Mitigation & User Action

Customers using the affected software should use the risk mitigations and our suggested security best practices found below to minimize risks.
  • Upgrade to v13.0.2.
  • Do not use 3DES encryption algorithm.
  • QA43240 - Recommended Security Guidelines from Rockwell Automation

Additional Resources

  • CVE-2023-2443 JSON
  • QA60051 - ThinManager : Download Patches and Updates
  • QA66518 - ThinManager: How to Ensure 3DES Encryption Algorithm is Not Used

Glossary

Application Programming Interface: (API) is a set of protocols and tools that allow different software applications to communicate with each other.

Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited

Medium Strength Ciphers: encryption methods that use key lengths of at least 64 bits and less than 112bits, or those with key lengths at least 56 bits and less than 112bits

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left ロックウェル・オートメーションのホーム Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust & Security Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
を続行するには、クッキーの設定を更新してください.
この機能には、お客様の利便性を向上させるためにクッキーが必要です。これらのクッキーを許可するように設定を更新してください:
  • ソーシャルメディア・クッキー
  • 機能性クッキー
  • パフォーマンスクッキー
  • マーケティングクッキー
  • 全てのクッキー
いつでも設定を更新することができます。詳しくは{0}をご覧ください プライバシーポリシー
CloseClose