CVE-2023-1834

Rockwell Automation Kinetix 5500 Vulnerable to Open Port Exploitation

CVSS 9.4 CRITICALEPSS 1.3%CWE-284

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.4EPSS 1.3%KEV nãoPoC —Patch —

Ciclo de vida

11 may 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Productos afectados

Rockwell Automation · Kinetix 5500 EtherNet/IP Servo Drive

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139441