CVE-2023-0027

Published: Mar 17, 2023Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected device’s Modbus TCP Server AOI information.

Affected (1)

Products: Rockwellautomation: Modbus Tcp Server Add On Instructions

Rockwellautomation

1 product

Modbus Tcp Server Add On Instructions

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rockwellautomation Modbus Tcp Server Add On Instructions	From 2.00.00 to 2.04.00

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138766

Source: PSIRT@rockwellautomation.com

Permissions RequiredVendor Advisory

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138766

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.