Vulnerability Database

308,485

Total vulnerabilities in the database

CVE-2023-27857

In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field

in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.

Published: Mar 22, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-27857
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
rockwellautomation / thinmanager	13.0.0	13.0.0.x
rockwellautomation / thinmanager	12.1.0	12.1.4
rockwellautomation / thinmanager	12.0.0	12.0.3
rockwellautomation / thinmanager	11.2.0	11.2.6
rockwellautomation / thinmanager	11.1.0	11.1.5
rockwellautomation / thinmanager	11.0.0	11.0.5

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo