CVE-2023-3595: Remote Code Execution and Denial-of-Service Vulnerabilities in Select Communication Modules

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* Ethernet/IP communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.

ID: PN1633 | Access Levels: Everyone

Published Date: 07/12/2023

Executive Summary

Rockwell Automation, in coordination with the U.S. government, has analyzed a novel exploit capability attributed to Advanced Persistent Threat (APT) actors affecting select communication modul…

Related news

Rockwell's ICS Directive Comes as Critical Infrastructure Risk Peaks

Critical infrastructure is facing increasingly disruptive threats to physical processes, while thousands of devices are online with weak authentication and riddled with exploitable bugs.

Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS). "The results and impact of exploiting these vulnerabilities vary depending on the ControlLogix system configuration, but
