PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-3618 Rockwell Automation CVE debrief

CVE-2025-3618 is a high-severity denial-of-service vulnerability in Rockwell Automation ThinManager. According to CISA’s advisory, the software does not adequately verify the outcome of memory allocation while processing Type 18 messages, which can let an attacker cause a denial of service on the target software. Rockwell Automation states the issue is fixed in multiple ThinManager releases, including 11.2.11, 12.0.9, 13.1.5, 13.2.4, and 14.0.2.

Vendor
Rockwell Automation
Product
ThinManager
CVSS
7.5 HIGH (CVSS v3.1)
CISA KEV
Not listed in the advisory evidence reviewed for this debrief
Original CVE published
2025-04-29
Original CVE updated
2025-05-06
Advisory published
2025-04-29
Advisory updated
2025-05-06

Who should care

Industrial control system administrators, Rockwell Automation ThinManager operators, and security teams responsible for OT/ICS environments should care. Any ThinManager release at or below 14.0.0 is in scope, including the older 11.x, 12.x and 13.x branches, each of which received its own fixed release rather than requiring a jump to 14.x.

Technical summary

The advisory describes an availability-impacting flaw in ThinManager’s handling of Type 18 messages. The affected product scope in the CSAF advisory is Rockwell Automation ThinManager <=14.0.0. The published CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a network-reachable issue with no privileges or user interaction required and impact limited to availability.
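To make the flaw class concrete, the following is an added, illustrative C handler; it is not ThinManager's code, and the wire format (1-byte type, 4-byte big-endian payload length, payload), the 4096-byte cap and the result codes are assumptions of this example. The unchecked version does exactly what the advisory describes: it allocates for an attacker-declared length and uses the result without checking it, so an allocation failure becomes a write through NULL and a crash. The hardened version bounds the declared length before allocating, requires the payload to actually be present, and turns an allocation failure into a per-message error instead of a process-wide one.

```c
/* Illustrative Type 18 message handler: unchecked vs. checked allocation.
 * Added example, not ThinManager code. The wire format is ASSUMED:
 *   byte 0      message type (18)
 *   bytes 1..4  payload length, big-endian
 *   bytes 5..   payload
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MSG_TYPE_18         18
#define HEADER_LEN          5
#define MAX_TYPE18_PAYLOAD  4096   /* assumed protocol cap, not from the advisory */

enum handle_result {
    HANDLE_OK         = 0,
    HANDLE_WRONG_TYPE = -1,
    HANDLE_BAD_LENGTH = -2,
    HANDLE_NO_MEMORY  = -3
};

/* The allocator is injected so allocation failure can be simulated safely. */
typedef void *(*alloc_fn)(size_t);

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: the allocation result is never checked. A remote peer
 * that declares a length alloc() cannot satisfy gets buf == NULL, and the
 * memcpy() crashes the process. (It also reads past the message when the
 * declared length exceeds what was actually received.) */
int handle_type18_unchecked(const uint8_t *msg, size_t msglen, alloc_fn alloc)
{
    if (msglen < HEADER_LEN || msg[0] != MSG_TYPE_18)
        return HANDLE_WRONG_TYPE;
    uint32_t declared = read_be32(msg + 1);
    uint8_t *buf = alloc(declared);
    memcpy(buf, msg + HEADER_LEN, declared);     /* NULL write if alloc() failed */
    /* ... process the payload ... */
    free(buf);
    return HANDLE_OK;
}

/* Hardened: bound the length before allocating, require the payload to be
 * present, and fail the message rather than the process on allocation failure. */
int handle_type18_checked(const uint8_t *msg, size_t msglen, alloc_fn alloc)
{
    if (msglen < HEADER_LEN || msg[0] != MSG_TYPE_18)
        return HANDLE_WRONG_TYPE;
    uint32_t declared = read_be32(msg + 1);
    if (declared > MAX_TYPE18_PAYLOAD || declared > msglen - HEADER_LEN)
        return HANDLE_BAD_LENGTH;                /* rejected before any allocation */
    if (declared == 0)
        return HANDLE_OK;                        /* nothing to copy; avoid alloc(0) */
    uint8_t *buf = alloc(declared);
    if (buf == NULL)
        return HANDLE_NO_MEMORY;                 /* drop this message, keep serving */
    memcpy(buf, msg + HEADER_LEN, declared);
    /* ... process the payload ... */
    free(buf);
    return HANDLE_OK;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t benign_msg[]    = { 18, 0x00, 0x00, 0x00, 0x04, 'A', 'B', 'C', 'D' };
static const uint8_t truncated_msg[] = { 18, 0x00, 0x00, 0x00, 0x10, 'A', 'B' };  /* claims 16 bytes, carries 2 */
static const uint8_t huge_msg[]      = { 18, 0xFF, 0xFF, 0xFF, 0xFF };            /* claims 4 GiB, carries none */

/* Simulated allocation failure. */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

int main(void)
{
    printf("unchecked benign/malloc : %d\n", handle_type18_unchecked(benign_msg, sizeof benign_msg, malloc));
    printf("checked   benign/malloc : %d\n", handle_type18_checked(benign_msg, sizeof benign_msg, malloc));
    printf("checked   truncated     : %d\n", handle_type18_checked(truncated_msg, sizeof truncated_msg, malloc));
    printf("checked   huge          : %d\n", handle_type18_checked(huge_msg, sizeof huge_msg, malloc));
    printf("checked   benign/nomem  : %d\n", handle_type18_checked(benign_msg, sizeof benign_msg, failing_alloc));
    /* handle_type18_unchecked(huge_msg, ..., failing_alloc) would segfault; deliberately not run. */
    return 0;
}
```

The allocator is injected so the failing path can be exercised without a real multi-gigabyte request; on an overcommitting Linux host malloc(0xFFFFFFFF) may well succeed, which is also why the hardened path caps the declared length before ever calling the allocator: a NULL check alone would still let an unauthenticated peer pin large amounts of memory with repeated requests.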

Defensive priority

High. The vulnerability is reachable over the network with no authentication or user interaction and is rated 7.5 HIGH. The documented impact is denial of service rather than confidentiality or integrity compromise, but in OT environments loss of availability is frequently the primary operational risk, so the narrower impact is context rather than a reason to defer. Prioritize patching exposed or operationally critical ThinManager deployments.

Recommended defensive actions

  • Upgrade ThinManager to a fixed version: 11.2.11, 12.0.9, 13.1.5, 13.2.4, or 14.0.2, as appropriate for your environment.
  • Inventory ThinManager deployments and confirm whether any systems are running version 14.0.0 or earlier.
  • Apply Rockwell Automation’s suggested security best practices for industrial automation control systems to reduce exposure while remediation is planned.
  • Use environment-specific prioritization methods such as SSVC (Stakeholder-Specific Vulnerability Categorization) to determine rollout urgency for operationally critical systems.
  • Review Rockwell Automation security advisory SD1727 for vendor guidance and deployment details.
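As an added example (not a vendor tool), the following C helper turns the upgrade and inventory steps above into a per-host answer: is this installed version affected, and which release in its own branch should it move to? The fixed versions and the <=14.0.0 scope are the advisory's. Two rules are assumptions of the example: anything below its branch's fixed release is treated as needing the upgrade (the conservative reading of the fix list), and a branch with no listed fixed release is pointed at the lowest fixed release above it.

```c
/* Branch-aware version triage for CVE-2025-3618.
 * Added example, not a vendor tool. The fixed releases and the <= 14.0.0
 * scope come from the advisory; the two rules described in the comments
 * below are this example's own assumptions. */
#include <stdio.h>
#include <string.h>

struct ver { int major, minor, patch; };

/* Fixed releases from the advisory, ascending. */
static const struct ver FIXED[] = {
    {11, 2, 11}, {12, 0, 9}, {13, 1, 5}, {13, 2, 4}, {14, 0, 2}
};
#define NFIXED (sizeof FIXED / sizeof FIXED[0])
static const struct ver LAST_AFFECTED = {14, 0, 0};

static int cmp_ver(struct ver a, struct ver b)
{
    if (a.major != b.major) return a.major < b.major ? -1 : 1;
    if (a.minor != b.minor) return a.minor < b.minor ? -1 : 1;
    if (a.patch != b.patch) return a.patch < b.patch ? -1 : 1;
    return 0;
}

static void fmt_ver(struct ver v, char *out, size_t outlen)
{
    snprintf(out, outlen, "%d.%d.%d", v.major, v.minor, v.patch);
}

/* Returns 1 if `installed` needs the upgrade (target release written to
 * `target`, at least 16 bytes), 0 if it is already fixed or outside the
 * advisory's scope, -1 if the string does not parse as major.minor.patch. */
int triage_thinmanager(const char *installed, char *target, size_t targetlen)
{
    struct ver v;
    if (sscanf(installed, "%d.%d.%d", &v.major, &v.minor, &v.patch) != 3)
        return -1;

    /* Assumption 1: a branch with its own fixed release is compared against
     * that release; anything below it needs the upgrade. */
    for (size_t i = 0; i < NFIXED; i++) {
        if (FIXED[i].major == v.major && FIXED[i].minor == v.minor) {
            if (cmp_ver(v, FIXED[i]) >= 0)
                return 0;
            fmt_ver(FIXED[i], target, targetlen);
            return 1;
        }
    }
    /* No fix in this branch. Above 14.0.0 is outside the advisory's scope. */
    if (cmp_ver(v, LAST_AFFECTED) > 0)
        return 0;
    /* Assumption 2: in scope with no in-branch fix, move up to the lowest
     * fixed release above the installed version. */
    for (size_t i = 0; i < NFIXED; i++) {
        if (cmp_ver(FIXED[i], v) > 0) {
            fmt_ver(FIXED[i], target, targetlen);
            return 1;
        }
    }
    return 0;   /* not reached: every in-scope version is below 14.0.2 */
}

/* Convenience wrapper: the target release for an affected version, "" otherwise. */
const char *target_for(const char *installed)
{
    static char buf[16];
    buf[0] = '\0';
    return triage_thinmanager(installed, buf, sizeof buf) == 1 ? buf : "";
}

int main(void)
{
    /* Constructed inventory, not real hosts. */
    const char *inventory[] = { "11.2.10", "12.1.3", "13.1.3", "13.2.4", "14.0.0", "15.0.0", "13.1" };
    for (size_t i = 0; i < sizeof inventory / sizeof inventory[0]; i++) {
        char target[16];
        int r = triage_thinmanager(inventory[i], target, sizeof target);
        if (r == 1)      printf("%-8s affected     -> upgrade to %s\n", inventory[i], target);
        else if (r == 0) printf("%-8s not affected\n", inventory[i]);
        else             printf("%-8s unparsable version string\n", inventory[i]);
    }
    return 0;
}
```

Version strings would come from the host inventory (for example the installed-programs list on each ThinManager server); the inventory in main() is constructed. A host that parses as unaffected here still deserves the network-exposure review in the best-practices step, since the advisory's scope statement and the fix list describe the same flaw from two angles and a product inventory is only as good as its version data.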

Evidence notes

All claims here come from the supplied CISA CSAF advisory and its referenced vendor remediation notes. The advisory states the issue is a denial-of-service vulnerability in Rockwell Automation ThinManager caused by inadequate verification of memory allocation outcomes while processing Type 18 messages. The affected product entry is ThinManager <=14.0.0, and the remediation entries list fixed versions 11.2.11, 12.0.9, 13.1.5, 13.2.4, and 14.0.2. The advisory revision history shows initial publication on 2025-04-29 and a later typo-fix revision on 2025-05-06; that revision is not treated as the vulnerability disclosure date.

Official resources

CISA's CSAF advisory and the CVE record for CVE-2025-3618, published 2025-04-29T06:00:00.000Z and revised 2025-05-06T06:00:00.000Z for typo fixes only, and Rockwell Automation security advisory SD1727, which the CISA advisory references for vendor remediation details.