CWE
787
Advisory Published
Updated

CVE-2023-3595: Rockwell Automation ControlLogix Communication Modules Vulnerable to Remote Code Execution

First published: Wed Jul 12 2023(Updated: )

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.

Credit: PSIRT@rockwellautomation.com PSIRT@rockwellautomation.com

Affected SoftwareAffected VersionHow to fix
Rockwellautomation 1756-en2f Series A Firmware
Rockwellautomation 1756-en2f Series A
Rockwellautomation 1756-en2f Series B Firmware
Rockwellautomation 1756-en2f Series B
Rockwellautomation 1756-en2f Series C Firmware
Rockwellautomation 1756-en2f Series C
Rockwellautomation 1756-en2t Series A Firmware
Rockwellautomation 1756-en2t Series A
Rockwellautomation 1756-en2t Series B Firmware
Rockwellautomation 1756-en2t Series B
Rockwellautomation 1756-en2t Series C Firmware
Rockwellautomation 1756-en2t Series C
Rockwellautomation 1756-en2t Series D Firmware
Rockwellautomation 1756-en2t Series D
Rockwellautomation 1756-en2tr Series A Firmware
Rockwellautomation 1756-en2tr Series A
Rockwellautomation 1756-en2tr Series B Firmware
Rockwellautomation 1756-en2tr Series B
Rockwellautomation 1756-en2tr Series C Firmware
Rockwellautomation 1756-en2tr Series C
Rockwellautomation 1756-en3tr Series A Firmware
Rockwellautomation 1756-en3tr Series A
Rockwellautomation 1756-en3tr Series B Firmware
Rockwellautomation 1756-en3tr Series B

Remedy

* Update firmware. Update EN2* ControlLogix communications modules to mitigated firmware. * Properly segment networks. Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks. * Implement detection signatures. Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2023-3595?

    CVE-2023-3595 is a vulnerability that exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products.

  • How severe is CVE-2023-3595?

    CVE-2023-3595 is classified as critical with a severity value of 9.8.

  • How does CVE-2023-3595 allow remote code execution?

    CVE-2023-3595 allows remote code execution through maliciously crafted CIP messages.

  • Which Rockwell Automation products are affected by CVE-2023-3595?

    CVE-2023-3595 affects the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products.

  • How can I fix CVE-2023-3595?

    To fix CVE-2023-3595, it is recommended to apply the necessary patches or updates provided by Rockwell Automation.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203