OTPulse

Rockwell Automation ThinManager

CVSS: 7.8
ICS-CERT: ICSA-25-119-01
Published: Apr 29, 2025
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Two vulnerabilities in Rockwell Automation ThinManager affect versions 14.0.0 and earlier. CVE-2025-3617 is a buffer overflow (CWE-119) that could allow privilege escalation. CVE-2025-3618 is an improper access control issue (CWE-276) that also leads to privilege escalation. Both vulnerabilities require a local user account on the ThinManager system. Successful exploitation allows an attacker to escalate to system-level privileges and cause denial-of-service conditions, affecting industrial process visibility and control.

What this means
What could happen
An attacker with local access could escalate their privileges on ThinManager and potentially stop the application, disrupting visualization and control of industrial processes across connected devices.
Who's at risk
Water utilities, electric utilities, and manufacturing plants using Rockwell Automation ThinManager for remote monitoring and control of HMI (Human-Machine Interface) systems and industrial devices. ThinManager is a thin client platform used to centralize control of industrial processes, making it critical infrastructure for facility operations.
How it could be exploited
An attacker with a local user account on the ThinManager system could exploit insufficient access controls and memory safety issues to gain system-level privileges and crash the service, affecting visibility and control of connected industrial equipment.
Prerequisites
  • Local user account on the ThinManager system
  • Physical or remote logon access to the ThinManager server
Impact
  • Affects visualization and control systems
  • Privilege escalation possible
  • Denial of service impact
  • Requires local access (lower immediate risk for internet-exposed systems)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product        Affected Versions   Fix Status
ThinManager    <= 14.0.0           Fixed in 14.0.2
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • Hotfix: Update ThinManager to v14.0.2 or later
  • Hotfix: Update ThinManager to v13.2.4 or later (if on the v13.2 branch)
  • Hotfix: Update ThinManager to v13.1.5 or later (if on the v13.1 branch)
  • Hotfix: Update ThinManager to v12.0.9 or later (if on the v12.x branch)
  • Hotfix: Update ThinManager to v11.2.11 or later (if on the v11.x branch)
Long-term hardening
  • Hardening: Isolate ThinManager from the business network and untrusted networks using firewall rules or network segmentation
  • Hardening: Restrict local logon access to ThinManager to authorized engineering and operations staff only