Loading

PN1625 | Inadequate Encryption Vulnerability in ThinManager®

Severity:
High
Advisory ID:
PN1625
게시한 날짜:
May 12, 2023
최근 업데이트:
September 09, 2025
Revision Number:
2.0
Known Exploited Vulnerability (KEV):
아니요
Corrected:
아니요
Workaround:
아니요
CVE IDs
CVE-2023-2443
요약
Inadequate Encryption Vulnerability in ThinManager®

 

Revision Number
1.2
Revision History
Version 1.0 - May 11, 2023
Version 1.1 - May 12, 2023 – Updated First Known in Software Version
Version 1.2 - September 9, 2025 - Updated for readability

Affected Products

Affected Product First Known in Software Version Corrected in Software Version
ThinManager ® v13.0.0 and v13.0.1 v13.0.2

Security Issue Details

Rockwell Automation uses the latest version of the CVSS scoring system to assess the security issues.

CVE-2023-2443 IMPACT
The affected product allows use of medium strength ciphers.  If the client requests an insecure cipher, a threat actor could decrypt traffic sent between the client and server Application Programming Interface (API).

CVSS Base Score: 7.5/10
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: Inadequate Encryption Strength

Known Exploited Vulnerability (KEV) database: No

Customers can use Stakeholder-Specific Vulnerability Categorization to create more environment specific categories.

Risk Mitigation & User Action

Customers using the affected software should use the risk mitigations and our suggested security best practices found below to minimize risks.

Additional Resources

Glossary

Application Programming Interface: (API) is a set of protocols and tools that allow different software applications to communicate with each other.

Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited

Medium Strength Ciphers: encryption methods that use key lengths of at least 64 bits and less than 112bits, or those with key lengths at least 56 bits and less than 112bits

 

Copyright ©2022 Rockwell Automation, Inc.