CVE-2025-3618

A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software.

CVSS

No CVSS.

References

Link	Resource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1727.html

Configurations

No configuration.

History

17 Apr 2025, 18:15

Type	Values Removed	Values Added
CWE		CWE-119
Summary		(es) Existe una vulnerabilidad de denegación de servicio en Rockwell Automation ThinManager. El software no verifica adecuadamente el resultado de la asignación de memoria al procesar mensajes de tipo 18. Si se explota, un atacante podría provocar una denegación de servicio en el software objetivo.

15 Apr 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-15 18:15

Updated : 2025-04-17 18:15

NVD link : CVE-2025-3618

Mitre link : CVE-2025-3618

CVE.ORG link : CVE-2025-3618

JSON object : View

Products Affected

No product.

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2025-3618", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-15T18:15:53.767", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1727.html", "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en Rockwell Automation ThinManager. El software no verifica adecuadamente el resultado de la asignaci\u00f3n de memoria al procesar mensajes de tipo 18. Si se explota, un atacante podr\u00eda provocar una denegaci\u00f3n de servicio en el software objetivo."}], "lastModified": "2025-04-17T18:15:51.763", "sourceIdentifier": "PSIRT@rockwellautomation.com"}

JSON object

Attach tags to CVE-2025-3618

Attach tags to `CVE-2025-3618`