First published: Wed Jul 12 2023(Updated: )
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
Credit: PSIRT@rockwellautomation.com PSIRT@rockwellautomation.com
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation 1756-en2f Series A Firmware | ||
Rockwellautomation 1756-en2f Series A | ||
Rockwellautomation 1756-en2f Series B Firmware | ||
Rockwellautomation 1756-en2f Series B | ||
Rockwellautomation 1756-en2f Series C Firmware | ||
Rockwellautomation 1756-en2f Series C | ||
Rockwellautomation 1756-en2t Series A Firmware | ||
Rockwellautomation 1756-en2t Series A | ||
Rockwellautomation 1756-en2t Series B Firmware | ||
Rockwellautomation 1756-en2t Series B | ||
Rockwellautomation 1756-en2t Series C Firmware | ||
Rockwellautomation 1756-en2t Series C | ||
Rockwellautomation 1756-en2t Series D Firmware | ||
Rockwellautomation 1756-en2t Series D | ||
Rockwellautomation 1756-en2tr Series A Firmware | ||
Rockwellautomation 1756-en2tr Series A | ||
Rockwellautomation 1756-en2tr Series B Firmware | ||
Rockwellautomation 1756-en2tr Series B | ||
Rockwellautomation 1756-en2tr Series C Firmware | ||
Rockwellautomation 1756-en2tr Series C | ||
Rockwellautomation 1756-en3tr Series A Firmware | ||
Rockwellautomation 1756-en3tr Series A | ||
Rockwellautomation 1756-en3tr Series B Firmware | ||
Rockwellautomation 1756-en3tr Series B |
* Update firmware. Update EN2* ControlLogix communications modules to mitigated firmware. * Properly segment networks. Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks. * Implement detection signatures. Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-3595 is a vulnerability that exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products.
CVE-2023-3595 is classified as critical with a severity value of 9.8.
CVE-2023-3595 allows remote code execution through maliciously crafted CIP messages.
CVE-2023-3595 affects the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products.
To fix CVE-2023-3595, it is recommended to apply the necessary patches or updates provided by Rockwell Automation.