CVE-2023-2262
Rockwell Automation Select Logix Communication Modules Vulnerable to Email Object Buffer Overflow
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
20 Sep 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Rockwell Auotmation · 1756-EN2TPXT Series ARockwell Automation · 1756-EN2FK Series A, BRockwell Automation · 1756-EN2FK Series CRockwell Automation · 1756-EN2F Series A, BRockwell Automation · 1756-EN2F Series CRockwell Automation · 1756-EN2TK Series A, B, CRockwell Automation · 1756-EN2TPK Series ARockwell Automation · 1756-EN2TP Series ARockwell Automation · 1756-EN2TRK Series A, BRockwell Automation · 1756-EN2TRK Series CRockwell Automation · 1756-EN2TR Series A, BRockwell Automation · 1756-EN2TR Series CRockwell Automation · 1756-EN2TRXT Series A, BRockwell Automation · 1756-EN2TRXT Series CRockwell Automation · 1756-EN2T Series A, B, CRockwell Automation · 1756-EN2T Series DRockwell Automation · 1756-EN2TXT Series A, B, CRockwell Automation · 1756-EN2TXT Series DRockwell Automation · 1756-EN3TRK Series ARockwell Automation · 1756-EN3TRK Series BRockwell Automation · 1756-EN3TR Series ARockwell Automation · 1756-EN3TR Series BWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →