First published: Wed Sep 20 2023
A buffer overflow vulnerability exists in select Rockwell Automation 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to the device.
Credit: PSIRT@rockwellautomation.com
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation 1756-en2t Series A Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2t Series A | ||
Rockwellautomation 1756-en2t Series B Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2t Series B | ||
Rockwellautomation 1756-en2t Series C Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2t Series C | ||
Rockwellautomation 1756-en2t Series D Firmware | <=11.002 | |
Rockwellautomation 1756-en2t Series D | ||
Rockwellautomation 1756-en2tk Series A Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2tk Series A | ||
Rockwellautomation 1756-en2tk Series B Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2tk Series B | ||
Rockwellautomation 1756-en2tk Series C Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2tk Series C | ||
Rockwellautomation 1756-en2txt Series A Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2txt Series A | ||
Rockwellautomation 1756-en2txt Series B Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2txt Series B | ||
Rockwellautomation 1756-en2txt Series C Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2txt Series C | ||
Rockwellautomation 1756-en2txt Series D Firmware | <=11.002 | |
Rockwellautomation 1756-en2txt Series D | ||
Rockwellautomation 1756-en2tp Series A Firmware | <=11.002 | |
Rockwellautomation 1756-en2tp Series A | ||
Rockwellautomation 1756-en2tpk Series A Firmware | <=11.002 | |
Rockwellautomation 1756-en2tpk Series A | ||
Rockwellautomation 1756-en2tr Series A Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2tr Series A | ||
Rockwellautomation 1756-en2tr Series B Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2tr Series B | ||
Rockwellautomation 1756-en2tr Series C Firmware | <=11.002 | |
Rockwellautomation 1756-en2tr Series C | ||
Rockwellautomation 1756-en2trk Series A Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2trk Series A | ||
Rockwellautomation 1756-en2trk Series B Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2trk Series B | ||
Rockwellautomation 1756-en2trk Series C Firmware | <=11.002 | |
Rockwellautomation 1756-en2trk Series C | ||
Rockwellautomation 1756-en2trxt Series A Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2trxt Series A | ||
Rockwellautomation 1756-en2trxt Series B Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2trxt Series B | ||
Rockwellautomation 1756-en2trxt Series C Firmware | <=11.002 | |
Rockwellautomation 1756-en2trxt Series C | ||
Rockwellautomation 1756-en2f Series A Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2f Series A | ||
Rockwellautomation 1756-en2f Series B Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2f Series B | ||
Rockwellautomation 1756-en2f Series C Firmware | <=11.002 | |
Rockwellautomation 1756-en2f Series C | ||
Rockwellautomation 1756-en2fk Series A Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2fk Series A | ||
Rockwellautomation 1756-en2fk Series B Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en2fk Series B | ||
Rockwellautomation 1756-en2fk Series C Firmware | <=11.002 | |
Rockwellautomation 1756-en2fk Series C | ||
Rockwellautomation 1756-en3tr Series A Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en3tr Series A | ||
Rockwellautomation 1756-en3tr Series B Firmware | <=11.003 | |
Rockwellautomation 1756-en3tr Series B | ||
Rockwellautomation 1756-en3trk Series A Firmware | >=5.008<=5.028 | |
Rockwellautomation 1756-en3trk Series A | ||
Rockwellautomation 1756-en3trk Series B Firmware | <=11.002 | |
Rockwellautomation 1756-en3trk Series B | ||
Rockwellautomation 1756-en2tpxt Series A Firmware | <=11.002 | |
Rockwellautomation 1756-en2tpxt Series A | ||

Update firmware. Update EN2* ControlLogix communications modules to mitigated firmware.

* Restrict traffic to the SMTP port (25), if not needed.
* Customers using the EN2/EN3 versions 10.x and higher can disable the email object, if not needed. Instructions can be found in the EtherNet/IP Network Devices User Manual (rockwellautomation.com), publication ENET-UM006: https://literature.rockwellautomation.com/idc/groups/literature/documents/um/enet-um006_-en-p.pdf
* QA43240 - Recommended Security Guidelines from Rockwell Automation: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012