Severity:
High
Advisory ID:
PN1625
公開日:
May 12, 2023
最終更新日:
May 12, 2023
Revision Number:
2.0
Known Exploited Vulnerability (KEV):
いいえ
Corrected:
いいえ
Workaround:
いいえ
CVE IDs
CVE-2023-2443
概要
Inadequate Encryption Vulnerability in ThinManager®
Revision History
Revision Number
2.0
Revision History
Version 1.0 - May 11, 2023
Version 2.0 - May 12, 2023 – Updated First Known in Software Version
Version 2.0 - May 12, 2023 – Updated First Known in Software Version
Affected Products
Affected Product | First Known in Software Version | Corrected in Software Version |
ThinManager ® | v13.0.0 and v13.0.1 | v13.0.2 |
Vulnerability Details
Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.
CVE-2023-2443 IMPACT
The affected product allows use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.
Known Exploited Vulnerability (KEV) database:
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment specific prioritization.
CVE-2023-2443 IMPACT
The affected product allows use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.
CVSS Base Score: 7.5/10
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: Inadequate Encryption Strength
Known Exploited Vulnerability (KEV) database:
No
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment specific prioritization.
Risk Mitigation & User Action
Customers using the affected software are encouraged to apply risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize risk of vulnerability.
- Upgrade to v13.0.2.
- Do not use 3DES encryption algorithm.
- QA43240 - Recommended Security Guidelines from Rockwell Automation
Additional Resources
Copyright ©2022 Rockwell Automation, Inc.