CVE-2023-3595
Rockwell Automation ControlLogix Communication Modules Vulnerable to Remote Code Execution
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.8EPSS 3.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
12 jul 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Rockwell Auotmation · 1756-EN2TPXT Series ARockwell Automation · 1756-EN2FK Series A, BRockwell Automation · 1756-EN2FK Series CRockwell Automation · 1756-EN2F Series A, BRockwell Automation · 1756-EN2F Series CRockwell Automation · 1756-EN2TK Series A, B, CRockwell Automation · 1756-EN2TPK Series ARockwell Automation · 1756-EN2TP Series ARockwell Automation · 1756-EN2TRK Series A, BRockwell Automation · 1756-EN2TRK Series CRockwell Automation · 1756-EN2TR Series A, BRockwell Automation · 1756-EN2TR Series CRockwell Automation · 1756-EN2TRXT Series A, BRockwell Automation · 1756-EN2TRXT Series CRockwell Automation · 1756-EN2T Series A, B, CRockwell Automation · 1756-EN2T Series DRockwell Automation · 1756-EN2TXT Series A, B, CRockwell Automation · 1756-EN2TXT Series DRockwell Automation · 1756-EN3TRK Series ARockwell Automation · 1756-EN3TRK Series BRockwell Automation · 1756-EN3TR Series ARockwell Automation · 1756-EN3TR Series BQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →