First published: Thu May 11 2023
Rockwell Automation was made aware that Kinetix 5500 drives manufactured between May 2022 and January 2023 and running v7.13 may have the telnet and FTP ports open by default. This could allow attackers unauthorized access to the device through the open ports.
Credit: PSIRT@rockwellautomation.com
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Kinetix 5500 Firmware | =7.13 | |
Rockwellautomation Kinetix 5500 | | |
Rockwell Automation Kinetix 5500 devices manufactured between May 2022 and January 2023 | =7.13 | |
Customers should upgrade to v7.14 to correct the issue.
CVE-2023-1834 is a vulnerability in Rockwell Automation Kinetix 5500 drives running v7.13 firmware, where the telnet and FTP ports may be open by default, allowing unauthorized access.
CVE-2023-1834 has a severity rating of 9.1 (critical).
No, only Kinetix 5500 drives running v7.13 firmware are affected by CVE-2023-1834.
To prevent unauthorized access, Rockwell Automation recommends disabling telnet and FTP ports or upgrading to a version of firmware that does not have these ports open.
More information about CVE-2023-1834 can be found on the Rockwell Automation and CISA websites.
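The following is an added example, not code from Rockwell Automation or from this page: it filters an asset inventory by the advisory's criteria (Kinetix 5500, v7.13, built May 2022 to January 2023) and tests whether FTP and telnet accept connections on the matching drives. The inventory columns, device names, addresses, month-level build dates, inclusive window bounds and the standard ports 21 and 23 are assumptions.

```python
import csv
import io
import socket
from datetime import date

AFFECTED_FW = "7.13"
# Assumption: the advisory's build window is inclusive at month granularity.
BUILD_START, BUILD_END = date(2022, 5, 1), date(2023, 1, 31)
PORTS = {"ftp": 21, "telnet": 23}  # assumption: services on their standard ports

# Constructed sample inventory; names, addresses and columns are hypothetical.
SAMPLE_INVENTORY = """name,address,model,firmware,manufactured
axis-01,192.0.2.10,Kinetix 5500,7.13,2022-08
axis-02,192.0.2.11,Kinetix 5500,7.14,2022-09
axis-03,192.0.2.12,Kinetix 5500,7.13,2021-11
axis-04,192.0.2.13,Kinetix 5700,7.13,2022-08
"""

def in_scope(row):
    """True when a row matches the advisory's model, firmware and build window."""
    year, month = (int(p) for p in row["manufactured"].split("-")[:2])
    return (row["model"].strip().lower() == "kinetix 5500"
            and row["firmware"].strip().lstrip("vV") == AFFECTED_FW
            and BUILD_START <= date(year, month, 1) <= BUILD_END)

def port_open(host, port, timeout=1.0):
    """One TCP connect attempt; True only if the handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(inventory_csv, probe=port_open):
    """Return [(name, address, [open service names])] for in-scope drives."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if in_scope(row):
            exposed = [s for s, p in PORTS.items() if probe(row["address"], p)]
            findings.append((row["name"], row["address"], exposed))
    return findings

if __name__ == "__main__":
    for name, addr, exposed in triage(SAMPLE_INVENTORY):
        status = ", ".join(exposed) if exposed else "ports closed or unreachable"
        print(f"{name} ({addr}): in scope for CVE-2023-1834; {status}")
```

An in-scope drive that reports no open ports may only be unreachable from where the check runs, so it still belongs on the list for the v7.14 upgrade.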