Rockwell Automation ControlLogix Communication Modules Vulnerable to Remote Code Execution
CVE-2023-3595

9.8CRITICAL

Key Information:

Vendor: Rockwell Automation
Status: 1756-EN2T Series A, B, C; 1756-EN2T Series D; 1756-EN2TK Series A, B, C; 1756-EN2TXT Series A, B, C
Vendor: CVE Published:; 12 July 2023

Badges

💰 Ransomware👾 Exploit Exists📰 News Worthy

Summary

A vulnerability exists in Rockwell Automation's ControlLogix communication products, specifically the 1756 EN2* and 1756 EN3* models. This flaw could be exploited by a malicious user to achieve remote code execution with persistence. Attackers can craft malicious CIP messages to manipulate, deny, or exfiltrate data traversing the affected device, thus compromising the integrity and confidentiality of the system.

Affected Version(s)

1756-EN2F Series A, B <=5.008 & 5.028

1756-EN2F Series C <=11.003

1756-EN2FK Series A, B <=5.008 & 5.028

News Articles

The Hacker News

CVE-2023-3595 CVE-2023-3596

Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks

U.S. CISA warns of critical vulnerabilities in Rockwell Automation ControlLogix ENIP modules, allowing remote code execution and DoS attacks.

References

https://rockwellautomation.custhelp.com/app/answers/answe...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by The Hacker News
Aug 7, 2024
💰
Used in Ransomware
Jul 14, 2023
👾
Exploit known to exist
Jul 14, 2023
Vulnerability published
Jul 12, 2023
Vulnerability Reserved
Jul 10, 2023

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks

References

CVSS V3.1

Timeline