CRITICAL🇬🇧 English

CVE-2023-3595

CVSS 9.8v3.1pub. 2023-07-12upd. 2024-11-21

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Rockwellautomation 1756 En2f Series A

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2f Series A Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2f Series B

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2f Series B Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2f Series C

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2f Series C Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2tr Series A

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2tr Series A Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2tr Series B

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2tr Series B Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2tr Series C

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2tr Series C Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2t Series A

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2t Series A Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2t Series B

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2t Series B Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2t Series C

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2t Series C Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2t Series D

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2t Series D Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En3tr Series A

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En3tr Series A Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En3tr Series B

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En3tr Series B Firmware

    OS
    Rockwellautomation
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2023-2262CRITICAL9.8ten sam produkt

A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If...

CVE-2025-8007HIGH7.1ten sam produkt

A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Conc...

CVE-2025-8008HIGH7.1ten sam produkt

A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages du...

CVE-2018-17924HIGH8.6ten sam produkt

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticate...

CVE-2023-20198CRITICAL10.0⚠ KEVten sam vendor

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in...