CVE-2023-0027 – Rockwell Automation Modbus TCP AOI Server Could Leak Sensitive Information

https://notcve.org/view.php?id=CVE-2023-0027

Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected device’s Modbus TCP Server AOI information. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138766 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •