CVE-2023-2262
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device.
Affected (33)
Products: Rockwellautomation: 1756 En2t Series A Firmware, 1756 En2t Series B Firmware, 1756 En2t Series C Firmware, 1756 En2t Series D Firmware, 1756 En2tk Series A Firmware, 1756 En2tk Series B Firmware, 1756 En2tk Series C Firmware, 1756 En2txt Series A Firmware, 1756 En2txt Series B Firmware, 1756 En2txt Series C Firmware, 1756 En2txt Series D Firmware, 1756 En2tp Series A Firmware, 1756 En2tpk Series A Firmware, 1756 En2tr Series A Firmware, 1756 En2tr Series B Firmware, 1756 En2tr Series C Firmware, 1756 En2trk Series A Firmware, 1756 En2trk Series B Firmware, 1756 En2trk Series C Firmware, 1756 En2trxt Series A Firmware, 1756 En2trxt Series B Firmware, 1756 En2trxt Series C Firmware, 1756 En2f Series A Firmware, 1756 En2f Series B Firmware, 1756 En2f Series C Firmware, 1756 En2fk Series A Firmware, 1756 En2fk Series B Firmware, 1756 En2fk Series C Firmware, 1756 En3tr Series A Firmware, 1756 En3tr Series B Firmware, 1756 En3trk Series A Firmware, 1756 En3trk Series B Firmware, 1756 En2tpxt Series A Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2t Series A | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2t Series B | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2t Series C | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 11.002 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2t Series D | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2tk Series A | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2tk Series B | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2tk Series C | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2txt Series A | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2txt Series B | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2txt Series C | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 11.002 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2txt Series D | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 11.002 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2tp Series A | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 11.002 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2tpk Series A | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2tr Series A | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2tr Series B | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 11.002 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2tr Series C | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2trk Series A | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2trk Series B | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 11.002 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2trk Series C | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2trxt Series A | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2trxt Series B | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 11.002 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2trxt Series C | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2f Series A | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2f Series B | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 11.002 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2f Series C | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2fk Series A | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2fk Series B | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 11.002 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2fk Series C | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En3tr Series A | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 11.003 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En3tr Series B | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| From 5.008 to 5.028 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En3trk Series A | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 11.002 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En3trk Series B | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 11.002 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2tpxt Series A | All versions |
Related CWEs
CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
References (2)
Source: PSIRT@rockwellautomation.com
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Timeline
No history available yet.