ICSA-25-119-01
·
Published 2025-05-06
·
View on CISA ICS-CERT ↗
Rockwell Automation ThinManager
CVSS 7.8
HIGH
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges and cause a denial-of-service condition.
CVEs (2)
Remediations
- Rockwell Automation fixed CVE-2025-3618 in the following versions of ThinManager:
- ThinManager v11.2.11
- ThinManager v12.0.9
- ThinManager v13.1.5
- ThinManager v13.2.4
- ThinManager v14.0.2
- For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices to minimize the risk of the vulnerability.
- For more information about these issues, please see the Rockwell Automation security advisory SD1727.
- Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.
- Rockwell Automation encourages users to update ThinManager to v14.0.2 or later to mitigate CVE-2025-3617.
Affected Vendors
Rockwell Automation
Affected Products (1)
Rockwell Automation
·
ThinManager
<=14.0.0
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more