
CVE-2023-2262 – Rockwell Automation Select Logix Communication Modules Vulnerable to Email Object Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-2262
20 Sep 2023 — A buffer overflow vulnerability exists in select Rockwell Automation 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to the device. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140786 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write •

CVE-2018-17924
https://notcve.org/view.php?id=CVE-2018-17924
07 Dec 2018 — Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules. An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempt... • https://github.com/g0dd0ghd/CVE-2018-17924-PoC • CWE-306: Missing Authentication for Critical Function •