Headline
CVE-2023-3595: Remote Code Execution and Denial-of-Service Vulnerabilities in Select Communication Modules
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* Ethernet/IP communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
Skip Navigation
menu
- Support Center
- Get Support Chat & Submit a Question Phone Support Holiday Schedule
- Training & Webinars
- Online Forum
- Customer Care Customer Care Overview Phone Support Holiday Schedule
Sign In
Quickly log in or create an account using an existing service
Yahoo
What will happen: When you click on this button you will be taken to Yahoo. Once you log in, Yahoo will verify you and send you back here where you’ll be logged in!
Log In or Create an AccountOpens new dialog
Please log in to continue, Username Password
Email Address *
Username *
Password
Re-enter a value for the field ‘Password’
Must match Password
First Name *
Last Name *
Forgot your username or password?
The page will refresh upon submission. Any pending input will be lost.
Current product hierarchy
- Automation Control
- Programmable Controllers
- 1756 ControlLogix
- Comms Modules
ID: PN1633 | Access Levels: Everyone
Search
Did you mean:
Published DatePublished Date 07/12/2023
Executive Summary
Rockwell Automation, in coordination with the U.S. government, has analyzed a novel exploit capability attributed to Advance Persistent Threat (APT) actors affecting select communication modul…
****Login Required to View Full Answer Content**
Please use the ‘Sign In’ button above
**
Related news
Critical infrastructure is facing increasingly disruptive threats to physical processes, while thousands of devices are online with weak authentication and riddled with exploitable bugs.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS). "The results and impact of exploiting these vulnerabilities vary depending on the ControlLogix system configuration, but