Rockwell Automation ThinManager
Plan Patch · 7.5 · ICS-CERT ICSA-23-131-15 · May 11, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
ThinManager versions 13.0 to 13.0.1 use weak encryption (3DES) in the client-server API communication. This allows attackers with network access to decrypt the traffic exchanged between ThinManager clients and servers, potentially exposing sensitive information transmitted over the connection.
What this means
What could happen
An attacker who intercepts network traffic between a ThinManager client and server could decrypt it and access sensitive operational data. This could expose credentials, configuration details, or other information needed to conduct further attacks on the control system.
Who's at risk
Transportation authorities and operators of Rockwell Automation ThinManager should care about this vulnerability. ThinManager is a thin-client operating system used to manage and display information on industrial computing devices in field environments. The advisory affects ThinManager versions 13.0 and 13.0.1.
How it could be exploited
An attacker with network access to the communication path between ThinManager client and server can passively intercept the encrypted traffic and decrypt it offline using cryptanalysis of the weak 3DES algorithm. No active interaction with the devices is required—the attacker only needs to be positioned on the network to observe the traffic.
Prerequisites
- Network access to observe traffic between ThinManager client and server
- ThinManager version 13.0 or 13.0.1 deployed and in use
- Client-server communication occurring over the network (not local to a single device)
remotely exploitable · no authentication required · low complexity · weak encryption algorithm (3DES)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product: ThinManager: >= 13.0 | < 13.0.1
Affected Versions: 13.0 | < 13.0.1
Fix Status: 13.0.2
Remediation & Mitigation
Do now
- WORKAROUND: Disable use of 3DES encryption algorithm and enforce use of stronger encryption (likely via configuration or newer protocol version)
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade ThinManager to version 13.0.2
Long-term hardening
- HARDENING: Restrict network access to ThinManager client-server communications by segmenting the control system network from business networks and blocking internet-facing exposure
- HARDENING: Implement secure remote access methods (VPN with current patches) if remote management of ThinManager is required
CVEs (1)