CWE
787 121 119
Advisory Published
Updated

CVE-2023-2262: Rockwell Automation Select Logix Communication Modules Vulnerable to Email Object Buffer Overflow

First published: Wed Sep 20 2023(Updated: )

A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device.

Credit: PSIRT@rockwellautomation.com PSIRT@rockwellautomation.com

Affected SoftwareAffected VersionHow to fix
Rockwellautomation 1756-en2t Series A Firmware>=5.008<=5.028
Rockwellautomation 1756-en2t Series A
Rockwellautomation 1756-en2t Series B Firmware>=5.008<=5.028
Rockwellautomation 1756-en2t Series B
Rockwellautomation 1756-en2t Series C Firmware>=5.008<=5.028
Rockwellautomation 1756-en2t Series C
Rockwellautomation 1756-en2t Series D Firmware<=11.002
Rockwellautomation 1756-en2t Series D
Rockwellautomation 1756-en2tk Series A Firmware>=5.008<=5.028
Rockwellautomation 1756-en2tk Series A
Rockwellautomation 1756-en2tk Series B Firmware>=5.008<=5.028
Rockwellautomation 1756-en2tk Series B
Rockwellautomation 1756-en2tk Series C Firmware>=5.008<=5.028
Rockwellautomation 1756-en2tk Series C
Rockwellautomation 1756-en2txt Series A Firmware>=5.008<=5.028
Rockwellautomation 1756-en2txt Series A
Rockwellautomation 1756-en2txt Series B Firmware>=5.008<=5.028
Rockwellautomation 1756-en2txt Series B
Rockwellautomation 1756-en2txt Series C Firmware>=5.008<=5.028
Rockwellautomation 1756-en2txt Series C
Rockwellautomation 1756-en2txt Series D Firmware<=11.002
Rockwellautomation 1756-en2txt Series D
Rockwellautomation 1756-en2tp Series A Firmware<=11.002
Rockwellautomation 1756-en2tp Series A
Rockwellautomation 1756-en2tpk Series A Firmware<=11.002
Rockwellautomation 1756-en2tpk Series A
Rockwellautomation 1756-en2tr Series A Firmware>=5.008<=5.028
Rockwellautomation 1756-en2tr Series A
Rockwellautomation 1756-en2tr Series B Firmware>=5.008<=5.028
Rockwellautomation 1756-en2tr Series B
Rockwellautomation 1756-en2tr Series C Firmware<=11.002
Rockwellautomation 1756-en2tr Series C
Rockwellautomation 1756-en2trk Series A Firmware>=5.008<=5.028
Rockwellautomation 1756-en2trk Series A
Rockwellautomation 1756-en2trk Series B Firmware>=5.008<=5.028
Rockwellautomation 1756-en2trk Series B
Rockwellautomation 1756-en2trk Series C Firmware<=11.002
Rockwellautomation 1756-en2trk Series C
Rockwellautomation 1756-en2trxt Series A Firmware>=5.008<=5.028
Rockwellautomation 1756-en2trxt Series A
Rockwellautomation 1756-en2trxt Series B Firmware>=5.008<=5.028
Rockwellautomation 1756-en2trxt Series B
Rockwellautomation 1756-en2trxt Series C Firmware<=11.002
Rockwellautomation 1756-en2trxt Series C
Rockwellautomation 1756-en2f Series A Firmware>=5.008<=5.028
Rockwellautomation 1756-en2f Series A
Rockwellautomation 1756-en2f Series B Firmware>=5.008<=5.028
Rockwellautomation 1756-en2f Series B
Rockwellautomation 1756-en2f Series C Firmware<=11.002
Rockwellautomation 1756-en2f Series C
Rockwellautomation 1756-en2fk Series A Firmware>=5.008<=5.028
Rockwellautomation 1756-en2fk Series A
Rockwellautomation 1756-en2fk Series B Firmware>=5.008<=5.028
Rockwellautomation 1756-en2fk Series B
Rockwellautomation 1756-en2fk Series C Firmware<=11.002
Rockwellautomation 1756-en2fk Series C
Rockwellautomation 1756-en3tr Series A Firmware>=5.008<=5.028
Rockwellautomation 1756-en3tr Series A
Rockwellautomation 1756-en3tr Series B Firmware<=11.003
Rockwellautomation 1756-en3tr Series B
Rockwellautomation 1756-en3trk Series A Firmware>=5.008<=5.028
Rockwellautomation 1756-en3trk Series A
Rockwellautomation 1756-en3trk Series B Firmware<=11.002
Rockwellautomation 1756-en3trk Series B
Rockwellautomation 1756-en2tpxt Series A Firmware<=11.002
Rockwellautomation 1756-en2tpxt Series A

Remedy

Update firmware. Update EN2* ControlLogix communications modules to mitigated firmware. * Restrict traffic to the SMTP port (25), if not needed. * Customers using the EN2/EN3 versions 10.x and higher can disable the email object, if not needed. Instructions can be found in the EtherNet/IP Network Devices User Manual (rockwellautomation.com) https://literature.rockwellautomation.com/idc/groups/literature/documents/um/enet-um006_-en-p.pdf , publication ENET-UM006. * QA43240 - Recommended Security Guidelines from Rockwell Automation https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203