CVE-2023-3595
Rockwell Automation ControlLogix Communication Modules Vulnerable to Remote Code Execution
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-07-10 CVE Reserved
- 2023-07-12 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
- CAPEC-100: Overflow Buffers
References (0)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2f Series A Firmware Search vendor "Rockwellautomation" for product "1756-en2f Series A Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2f Series A Search vendor "Rockwellautomation" for product "1756-en2f Series A" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2f Series B Firmware Search vendor "Rockwellautomation" for product "1756-en2f Series B Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2f Series B Search vendor "Rockwellautomation" for product "1756-en2f Series B" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2f Series C Firmware Search vendor "Rockwellautomation" for product "1756-en2f Series C Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2f Series C Search vendor "Rockwellautomation" for product "1756-en2f Series C" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2t Series A Firmware Search vendor "Rockwellautomation" for product "1756-en2t Series A Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2t Series A Search vendor "Rockwellautomation" for product "1756-en2t Series A" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2t Series B Firmware Search vendor "Rockwellautomation" for product "1756-en2t Series B Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2t Series B Search vendor "Rockwellautomation" for product "1756-en2t Series B" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2t Series C Firmware Search vendor "Rockwellautomation" for product "1756-en2t Series C Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2t Series C Search vendor "Rockwellautomation" for product "1756-en2t Series C" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2t Series D Firmware Search vendor "Rockwellautomation" for product "1756-en2t Series D Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2t Series D Search vendor "Rockwellautomation" for product "1756-en2t Series D" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2tr Series A Firmware Search vendor "Rockwellautomation" for product "1756-en2tr Series A Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2tr Series A Search vendor "Rockwellautomation" for product "1756-en2tr Series A" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2tr Series B Firmware Search vendor "Rockwellautomation" for product "1756-en2tr Series B Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2tr Series B Search vendor "Rockwellautomation" for product "1756-en2tr Series B" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2tr Series C Firmware Search vendor "Rockwellautomation" for product "1756-en2tr Series C Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 1756-en2tr Series C Search vendor "Rockwellautomation" for product "1756-en2tr Series C" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1756-en3tr Series A Firmware Search vendor "Rockwellautomation" for product "1756-en3tr Series A Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 1756-en3tr Series A Search vendor "Rockwellautomation" for product "1756-en3tr Series A" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1756-en3tr Series B Firmware Search vendor "Rockwellautomation" for product "1756-en3tr Series B Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | 1756-en3tr Series B Search vendor "Rockwellautomation" for product "1756-en3tr Series B" | - | - |
Safe
|