CVE-2023-3595
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
Affected (12)
Products: Rockwellautomation: 1756 En2f Series A Firmware, 1756 En2f Series B Firmware, 1756 En2f Series C Firmware, 1756 En2t Series A Firmware, 1756 En2t Series B Firmware, 1756 En2t Series C Firmware, 1756 En2t Series D Firmware, 1756 En2tr Series A Firmware, 1756 En2tr Series B Firmware, 1756 En2tr Series C Firmware, 1756 En3tr Series A Firmware, 1756 En3tr Series B Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2f Series A | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2f Series B | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2f Series C | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2t Series A | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2t Series B | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2t Series C | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2t Series D | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2tr Series A | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2tr Series B | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En2tr Series C | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En3tr Series A | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 1756 En3tr Series B | All versions |
References (2)
Source: PSIRT@rockwellautomation.com
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Timeline
No history available yet.