Published: 12/07/2023 Updated: 25/07/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rockwellautomation 1756-en2f_series_a_firmware -
rockwellautomation 1756-en2f_series_b_firmware -
rockwellautomation 1756-en2f_series_c_firmware -
rockwellautomation 1756-en2t_series_a_firmware -
rockwellautomation 1756-en2t_series_b_firmware -
rockwellautomation 1756-en2t_series_c_firmware -
rockwellautomation 1756-en2t_series_d_firmware -
rockwellautomation 1756-en2tr_series_a_firmware -
rockwellautomation 1756-en2tr_series_b_firmware -
rockwellautomation 1756-en2tr_series_c_firmware -
rockwellautomation 1756-en3tr_series_a_firmware -
rockwellautomation 1756-en3tr_series_b_firmware -

Rockwell Automation warns admins to take ICS devices offline

BleepingComputer • Sergiu Gatlan • 21 May 2024

Rockwell Automation warns admins to take ICS devices offline By Sergiu Gatlan May 21, 2024 01:48 PM 0 Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide. Network defenders should never configure such devices to allow remote connections from systems outside the local network. By taking them offline, they can drastically reduce their organizations' attack surface....

CVE-2023-3595

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect