Vulnerabilities > CVE-2023-3595 - Out-of-bounds Write vulnerability in Rockwellautomation products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

rockwellautomation

CWE-787

critical

NVD

Published: 2023-07-12

Updated: 2023-07-25

Summary

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.

Vulnerable Configurations

Part	Description	Count
OS	Rockwellautomation Rockwellautomation 1756 En2F Series A Firmware - Rockwellautomation 1756 En2F Series B Firmware - Rockwellautomation 1756 En2F Series C Firmware - Rockwellautomation 1756 En2T Series A Firmware - Rockwellautomation 1756 En2T Series B Firmware - Rockwellautomation 1756 En2T Series C Firmware - Rockwellautomation 1756 En2T Series D Firmware - Rockwellautomation 1756 En2Tr Series A Firmware - Rockwellautomation 1756 En2Tr Series B Firmware - Rockwellautomation 1756 En2Tr Series C Firmware - Rockwellautomation 1756 En3Tr Series A Firmware - Rockwellautomation 1756 En3Tr Series B Firmware -	12
Hardware	Rockwellautomation Rockwellautomation 1756 En2F Series A - Rockwellautomation 1756 En2F Series B - Rockwellautomation 1756 En2F Series C - Rockwellautomation 1756 En2T Series A - Rockwellautomation 1756 En2T Series B - Rockwellautomation 1756 En2T Series C - Rockwellautomation 1756 En2T Series D - Rockwellautomation 1756 En2Tr Series A - Rockwellautomation 1756 En2Tr Series B - Rockwellautomation 1756 En2Tr Series C - Rockwellautomation 1756 En3Tr Series A - Rockwellautomation 1756 En3Tr Series B -	12

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References