CVE-2023-3595
Rockwell Automation ControlLogix Communication Modules Vulnerable to Remote Code Execution
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.8EPSS 3.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
12 jul 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Rockwell Auotmation · 1756-EN2TPXT Series ARockwell Automation · 1756-EN2FK Series A, BRockwell Automation · 1756-EN2FK Series CRockwell Automation · 1756-EN2F Series A, BRockwell Automation · 1756-EN2F Series CRockwell Automation · 1756-EN2TK Series A, B, CRockwell Automation · 1756-EN2TPK Series ARockwell Automation · 1756-EN2TP Series ARockwell Automation · 1756-EN2TRK Series A, BRockwell Automation · 1756-EN2TRK Series CRockwell Automation · 1756-EN2TR Series A, BRockwell Automation · 1756-EN2TR Series CRockwell Automation · 1756-EN2TRXT Series A, BRockwell Automation · 1756-EN2TRXT Series CRockwell Automation · 1756-EN2T Series A, B, CRockwell Automation · 1756-EN2T Series DRockwell Automation · 1756-EN2TXT Series A, B, CRockwell Automation · 1756-EN2TXT Series DRockwell Automation · 1756-EN3TRK Series ARockwell Automation · 1756-EN3TRK Series BRockwell Automation · 1756-EN3TR Series ARockwell Automation · 1756-EN3TR Series B¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →