CVE-2023-2443: Weak Encryption
First published: Thu May 11 2023(Updated: )
Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.
Credit: PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Thinmanager | <=13.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-2443?
CVE-2023-2443 refers to a vulnerability in the Rockwell Automation ThinManager product that allows the use of medium strength ciphers, potentially enabling a malicious actor to decrypt traffic sent between the client and server API.
How does CVE-2023-2443 impact the Rockwell Automation ThinManager product?
CVE-2023-2443 can impact the Rockwell Automation ThinManager product by allowing the use of medium strength ciphers and enabling possible decryption of traffic between the client and server API.
What is the severity of CVE-2023-2443?
CVE-2023-2443 has a severity rating of 7.5 (high).
How can I fix CVE-2023-2443?
To fix CVE-2023-2443, it is recommended to update the Rockwell Automation ThinManager product to a version that addresses the vulnerability.
Where can I find more information about CVE-2023-2443?
More information about CVE-2023-2443 can be found at the following link: [https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139442]
- collector/nvd-index
- vendor/rockwellautomation
- canonical/rockwellautomation thinmanager
- version/rockwellautomation thinmanager/13.0