CVE-2023-3595

high-risk

Published 2023-07-12

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.

Do I need to act?

37.5% chance of exploitation in next 30 days

EPSS score — higher than 63% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (12)

1756-En2F Series A Firmware

1756-En2F Series B Firmware

1756-En2F Series C Firmware

1756-En2T Series A Firmware

1756-En2T Series B Firmware

1756-En2T Series C Firmware

1756-En2T Series D Firmware

1756-En2Tr Series A Firmware

1756-En2Tr Series B Firmware

1756-En2Tr Series C Firmware

1756-En3Tr Series A Firmware

1756-En3Tr Series B Firmware

Affected Vendors

Rockwellautomation

References (2)

Permissions Required https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 16/34 · Moderate

Exposure 17/34 · Moderate