Title
Vulnerability in the firmware of Rockwell Automation communication modules 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, 1756-EN4TRXT for Allen-Bradley ControlLogix 1756 series controllers, allowing an attacker to execute arbitrary code
Description
The vulnerability in the firmware of Rockwell Automation communication modules 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, 1756-EN4TRXT for Allen-Bradley ControlLogix 1756 series controllers is caused by an operation exceeding the bounds of a memory buffer. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code using a specially crafted CIP packet.
Severity
Vendor
Rockwell Automation Inc.
Software Name
1756-EN4TRXT Series A, 1756-EN4TRK Series A, 1756-EN4TR Series A, 1756-EN3TRK Series B, 1756-EN3TRK Series A, 1756-EN3TR Series B, 1756-EN3TR Series A, 1756-EN2FK Series C, 1756-EN2FK Series A, 1756-EN2FK Series B, 1756-EN2F Series C, 1756-EN2F Series A, 1756-EN2F Series B, 1756-EN2TRXT Series C, 1756-EN2TRXT Series A, 1756-EN2TRXT Series B, 1756-EN2TRK Series C, 1756-EN2TRK Series A, 1756-EN2TRK Series B, 1756-EN2TR Series C, 1756-EN2TR Series A, 1756-EN2TR Series B, 1756-EN2TPXT Series A, 1756-EN2TPK Series A, 1756-EN2TP Series A, 1756-EN2TXT Series D, 1756-EN2TXT Series A, 1756-EN2TXT Series B, 1756-EN2TXT Series C, 1756-EN2TK Series D, 1756-EN2TK Series A, 1756-EN2TK Series B, 1756-EN2TK Series C, 1756-EN2T Series D, 1756-EN2T Series A, 1756-EN2T Series B, 1756-EN2T Series C
Software Version
up to and including 5.001 (1756-EN4TRXT Series A), up to and including 5.001 (1756-EN4TRK Series A), up to and including 5.001 (1756-EN4TR Series A), up to and including 11.003 (1756-EN3TRK Series B), up to and including 5.008 (1756-EN3TRK Series A), up to and including 5.028 (1756-EN3TRK Series A), up to and including 11.003 (1756-EN3TR Series B), up to and including 5.008 (1756-EN3TR Series A), up to and including 5.028 (1756-EN3TR Series A), up to and including 11.003 (1756-EN2FK Series C), up to and including 5.008 (1756-EN2FK Series A), up to and including 5.028 (1756-EN2FK Series A), up to and including 5.008 (1756-EN2FK Series B), up to and including 5.028 (1756-EN2FK Series B), up to and including 11.003 (1756-EN2F Series C), up to and including 5.008 (1756-EN2F Series A), up to and including 5.028 (1756-EN2F Series A), up to and including 5.008 (1756-EN2F Series B), up to and including 5.028 (1756-EN2F Series B), up to and including 11.003 (1756-EN2TRXT Series C), up to and including 5.008 (1756-EN2TRXT Series A), up to and including 5.028 (1756-EN2TRXT Series A), up to and including 5.008 (1756-EN2TRXT Series B), up to and including 5.028 (1756-EN2TRXT Series B), up to and including 11.003 (1756-EN2TRK Series C), up to and including 5.008 (1756-EN2TRK Series A), up to and including 5.028 (1756-EN2TRK Series A), up to and including 5.008 (1756-EN2TRK Series B), up to and including 5.028 (1756-EN2TRK Series B), up to and including 11.003 (1756-EN2TR Series C), up to and including 5.008 (1756-EN2TR Series A), up to and including 5.028 (1756-EN2TR Series A), up to and including 5.008 (1756-EN2TR Series B), up to and including 5.028 (1756-EN2TR Series B), up to and including 11.003 (1756-EN2TPXT Series A), up to and including 11.003 (1756-EN2TPK Series A), up to and including 11.003 (1756-EN2TP Series A), up to and including 11.003 (1756-EN2TXT Series D), up to and including 5.008 (1756-EN2TXT Series A), up to and including 5.028 (1756-EN2TXT Series A), up to and including 5.008 (1756-EN2TXT Series B), up to and including 5.028 (1756-EN2TXT Series B), up to and including 5.008 (1756-EN2TXT Series C), up to and including 5.028 (1756-EN2TXT Series C), up to and including 11.003 (1756-EN2TK Series D), up to and including 5.008 (1756-EN2TK Series A), up to and including 5.028 (1756-EN2TK Series A), up to and including 5.008 (1756-EN2TK Series B), up to and including 5.028 (1756-EN2TK Series B), up to and including 5.008 (1756-EN2TK Series C), up to and including 5.028 (1756-EN2TK Series C), up to and including 11.003 (1756-EN2T Series D), up to and including 5.008 (1756-EN2T Series A), up to and including 5.028 (1756-EN2T Series A), up to and including 5.008 (1756-EN2T Series B), up to and including 5.028 (1756-EN2T Series B), up to and including 5.008 (1756-EN2T Series C), up to and including 5.028 (1756-EN2T Series C)
Possible Mitigations
Install updates from trusted sources.
In view of the current situation and the sanctions imposed against the Russian Federation, it is recommended to install software updates only after assessing all associated risks.
Compensating measures:
- where remote access is required, protect the communication channel by physical or cryptographic means (for example, a VPN);
- use physical or logical (firewall-based) access restriction to the network segment containing the vulnerable device.
Follow the vendor's recommendations:
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010
Reference
https://www.cisa.gov/news-events/ics-advisories/icsa-23-193-01
https://vuldb.com/ru/?id.233868
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010
CWE
CWE-787
CVSS 2.0: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 3.0: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: not specified
Remediation identifier: not specified
Remediation name: not specified
Date identified: 12.07.2023
Date of last update: 23.10.2023
Date of publication: 21.07.2023
Identifier: BDU:2023-03948
Identifiers in other vulnerability description systems: CVE-2023-3595, ICSA-23-193-01
Remediation information: Vulnerability fixed
Vulnerability class: Code vulnerability
OS name and hardware platform type: not specified
Exploit availability: Data being clarified
CWE error description: Out-of-bounds write (CWE-787)
Consequences of exploitation: not specified
Other information: not specified
Link to information security incidents: Data being clarified
Vulnerability state: Published
Remediation method: Software update
Exploitation method: Manipulation of data structures
Vulnerability status: Confirmed by the vendor
Software type: ICS tool, software of an ICS hardware-software device
CWE error type: CWE-787
Vulnerability severity level: Critical severity level (CVSS 2.0 base score is 10); Critical severity level (CVSS 3.0 base score is 9.8)
ICSA-23-193-01
Vulnerability from csaf_cisa - Published: 2023-07-12 06:00 - Updated: 2023-07-12 06:00
Summary
Rockwell Automation Select Communication Modules
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could allow malicious actors to gain remote access of the running memory of the module and perform malicious activity.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: No known public exploits specifically target these vulnerabilities.
9.8 (Critical)
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 1756-EN2T Series A: <= 5.008 (Rockwell Automation / 1756-EN2T Series A) | | <= 5.008 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2T Series A: <= 5.028 (Rockwell Automation / 1756-EN2T Series A) | | <= 5.028 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2T Series B: <= 5.008 (Rockwell Automation / 1756-EN2T Series B) | | <= 5.008 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2T Series B: <= 5.028 (Rockwell Automation / 1756-EN2T Series B) | | <= 5.028 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2T Series C: <= 5.008 (Rockwell Automation / 1756-EN2T Series C) | | <= 5.008 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2T Series C: <= 5.028 (Rockwell Automation / 1756-EN2T Series C) | | <= 5.028 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2T Series D: <= 11.003 (Rockwell Automation / 1756-EN2T Series D) | | <= 11.003 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TK Series A: <= 5.008 (Rockwell Automation / 1756-EN2TK Series A) | | <= 5.008 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TK Series A: <= 5.028 (Rockwell Automation / 1756-EN2TK Series A) | | <= 5.028 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TK Series B: <= 5.008 (Rockwell Automation / 1756-EN2TK Series B) | | <= 5.008 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TK Series B: <= 5.028 (Rockwell Automation / 1756-EN2TK Series B) | | <= 5.028 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TK Series C: <= 5.008 (Rockwell Automation / 1756-EN2TK Series C) | | <= 5.008 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TK Series C: <= 5.028 (Rockwell Automation / 1756-EN2TK Series C) | | <= 5.028 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TK Series D: <= 11.003 (Rockwell Automation / 1756-EN2TK Series D) | | <= 11.003 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TXT Series A: <= 5.008 (Rockwell Automation / 1756-EN2TXT Series A) | | <= 5.008 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TXT Series A: <= 5.028 (Rockwell Automation / 1756-EN2TXT Series A) | | <= 5.028 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TXT Series B: <= 5.008 (Rockwell Automation / 1756-EN2TXT Series B) | | <= 5.008 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TXT Series B: <= 5.028 (Rockwell Automation / 1756-EN2TXT Series B) | | <= 5.028 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TXT Series C: <= 5.008 (Rockwell Automation / 1756-EN2TXT Series C) | | <= 5.008 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TXT Series C: <= 5.028 (Rockwell Automation / 1756-EN2TXT Series C) | | <= 5.028 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TXT Series D: <= 11.003 (Rockwell Automation / 1756-EN2TXT Series D) | | <= 11.003 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TP Series A: <= 11.003 (Rockwell Automation / 1756-EN2TP Series A) | | <= 11.003 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TPK Series A: <= 11.003 (Rockwell Automation / 1756-EN2TPK Series A) | | <= 11.003 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TPXT Series A: <= 11.003 (Rockwell Automation / 1756-EN2TPXT Series A) | | <= 11.003 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TR Series A: <= 5.008 (Rockwell Automation / 1756-EN2TR Series A) | | <= 5.008 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TR Series A: <= 5.028 (Rockwell Automation / 1756-EN2TR Series A) | | <= 5.028 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TR Series B: <= 5.008 (Rockwell Automation / 1756-EN2TR Series B) | | <= 5.008 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TR Series B: <= 5.028 (Rockwell Automation / 1756-EN2TR Series B) | | <= 5.028 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TR Series C: <= 11.003 (Rockwell Automation / 1756-EN2TR Series C) | | <= 11.003 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TRK Series A: <= 5.008 (Rockwell Automation / 1756-EN2TRK Series A) | | <= 5.008 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TRK Series A: <= 5.028 (Rockwell Automation / 1756-EN2TRK Series A) | | <= 5.028 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TRK Series B: <= 5.008 (Rockwell Automation / 1756-EN2TRK Series B) | | <= 5.008 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TRK Series B: <= 5.028 (Rockwell Automation / 1756-EN2TRK Series B) | | <= 5.028 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TRK Series C: <= 11.003 (Rockwell Automation / 1756-EN2TRK Series C) | | <= 11.003 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
| 1756-EN2TRXT Series A: <= 5.008 (Rockwell Automation / 1756-EN2TRXT Series A) | | <= 5.008 | Mitigation, fix, Vendor Fix, Mitigation ×6, fix |
|
1756-EN2TRXT Series A: <= 5.028
Rockwell Automation / 1756-EN2TRXT Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRXT Series B: <= 5.008
Rockwell Automation / 1756-EN2TRXT Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRXT Series B: <= 5.028
Rockwell Automation / 1756-EN2TRXT Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRXT Series C: <= 11.003
Rockwell Automation / 1756-EN2TRXT Series C
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series A: <= 5.008
Rockwell Automation / 1756-EN2F Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series A: <= 5.028
Rockwell Automation / 1756-EN2F Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series B: <= 5.008
Rockwell Automation / 1756-EN2F Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series B: <= 5.028
Rockwell Automation / 1756-EN2F Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series C: <= 11.003
Rockwell Automation / 1756-EN2F Series C
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series A: <= 5.008
Rockwell Automation / 1756-EN2FK Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series A: <= 5.028
Rockwell Automation / 1756-EN2FK Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series B: <= 5.008
Rockwell Automation / 1756-EN2FK Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series B: <= 5.028
Rockwell Automation / 1756-EN2FK Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series C: <= 11.003
Rockwell Automation / 1756-EN2FK Series C
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TR Series A: <= 5.008
Rockwell Automation / 1756-EN3TR Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TR Series A: <= 5.028
Rockwell Automation / 1756-EN3TR Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TR Series B: <= 11.003
Rockwell Automation / 1756-EN3TR Series B
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TRK Series A: <= 5.008
Rockwell Automation / 1756-EN3TRK Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TRK Series A: <= 5.028
Rockwell Automation / 1756-EN3TRK Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TRK Series B: <= 11.003
Rockwell Automation / 1756-EN3TRK Series B
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN4TR Series A: <= 5.001
Rockwell Automation / 1756-EN4TR Series A
|
<= 5.001 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN4TRK Series A: <= 5.001
Rockwell Automation / 1756-EN4TRK Series A
|
<= 5.001 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN4TRXT Series A: <= 5.001
Rockwell Automation / 1756-EN4TRXT Series A
|
<= 5.001 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 1756-EN2T Series A: <= 5.008 | Rockwell Automation / 1756-EN2T Series A | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2T Series A: <= 5.028 | Rockwell Automation / 1756-EN2T Series A | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2T Series B: <= 5.008 | Rockwell Automation / 1756-EN2T Series B | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2T Series B: <= 5.028 | Rockwell Automation / 1756-EN2T Series B | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2T Series C: <= 5.008 | Rockwell Automation / 1756-EN2T Series C | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2T Series C: <= 5.028 | Rockwell Automation / 1756-EN2T Series C | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2T Series D: <= 11.003 | Rockwell Automation / 1756-EN2T Series D | <= 11.003 | Mitigation, Vendor Fix |
| 1756-EN2TK Series A: <= 5.008 | Rockwell Automation / 1756-EN2TK Series A | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2TK Series A: <= 5.028 | Rockwell Automation / 1756-EN2TK Series A | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2TK Series B: <= 5.008 | Rockwell Automation / 1756-EN2TK Series B | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2TK Series B: <= 5.028 | Rockwell Automation / 1756-EN2TK Series B | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2TK Series C: <= 5.008 | Rockwell Automation / 1756-EN2TK Series C | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2TK Series C: <= 5.028 | Rockwell Automation / 1756-EN2TK Series C | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2TK Series D: <= 11.003 | Rockwell Automation / 1756-EN2TK Series D | <= 11.003 | Mitigation, Vendor Fix |
| 1756-EN2TXT Series A: <= 5.008 | Rockwell Automation / 1756-EN2TXT Series A | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2TXT Series A: <= 5.028 | Rockwell Automation / 1756-EN2TXT Series A | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2TXT Series B: <= 5.008 | Rockwell Automation / 1756-EN2TXT Series B | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2TXT Series B: <= 5.028 | Rockwell Automation / 1756-EN2TXT Series B | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2TXT Series C: <= 5.008 | Rockwell Automation / 1756-EN2TXT Series C | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2TXT Series C: <= 5.028 | Rockwell Automation / 1756-EN2TXT Series C | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2TXT Series D: <= 11.003 | Rockwell Automation / 1756-EN2TXT Series D | <= 11.003 | Mitigation, Vendor Fix |
| 1756-EN2TP Series A: <= 11.003 | Rockwell Automation / 1756-EN2TP Series A | <= 11.003 | Mitigation, Vendor Fix |
| 1756-EN2TPK Series A: <= 11.003 | Rockwell Automation / 1756-EN2TPK Series A | <= 11.003 | Mitigation, Vendor Fix |
| 1756-EN2TPXT Series A: <= 11.003 | Rockwell Automation / 1756-EN2TPXT Series A | <= 11.003 | Mitigation, Vendor Fix |
| 1756-EN2TR Series A: <= 5.008 | Rockwell Automation / 1756-EN2TR Series A | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2TR Series A: <= 5.028 | Rockwell Automation / 1756-EN2TR Series A | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2TR Series B: <= 5.008 | Rockwell Automation / 1756-EN2TR Series B | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2TR Series B: <= 5.028 | Rockwell Automation / 1756-EN2TR Series B | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2TR Series C: <= 11.003 | Rockwell Automation / 1756-EN2TR Series C | <= 11.003 | Mitigation, Vendor Fix |
| 1756-EN2TRK Series A: <= 5.008 | Rockwell Automation / 1756-EN2TRK Series A | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2TRK Series A: <= 5.028 | Rockwell Automation / 1756-EN2TRK Series A | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2TRK Series B: <= 5.008 | Rockwell Automation / 1756-EN2TRK Series B | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2TRK Series B: <= 5.028 | Rockwell Automation / 1756-EN2TRK Series B | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2TRK Series C: <= 11.003 | Rockwell Automation / 1756-EN2TRK Series C | <= 11.003 | Mitigation, Vendor Fix |
| 1756-EN2TRXT Series A: <= 5.008 | Rockwell Automation / 1756-EN2TRXT Series A | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2TRXT Series A: <= 5.028 | Rockwell Automation / 1756-EN2TRXT Series A | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2TRXT Series B: <= 5.008 | Rockwell Automation / 1756-EN2TRXT Series B | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2TRXT Series B: <= 5.028 | Rockwell Automation / 1756-EN2TRXT Series B | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2TRXT Series C: <= 11.003 | Rockwell Automation / 1756-EN2TRXT Series C | <= 11.003 | Mitigation, Vendor Fix |
| 1756-EN2F Series A: <= 5.008 | Rockwell Automation / 1756-EN2F Series A | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2F Series A: <= 5.028 | Rockwell Automation / 1756-EN2F Series A | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2F Series B: <= 5.008 | Rockwell Automation / 1756-EN2F Series B | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2F Series B: <= 5.028 | Rockwell Automation / 1756-EN2F Series B | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2F Series C: <= 11.003 | Rockwell Automation / 1756-EN2F Series C | <= 11.003 | Mitigation, Vendor Fix |
| 1756-EN2FK Series A: <= 5.008 | Rockwell Automation / 1756-EN2FK Series A | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2FK Series A: <= 5.028 | Rockwell Automation / 1756-EN2FK Series A | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2FK Series B: <= 5.008 | Rockwell Automation / 1756-EN2FK Series B | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN2FK Series B: <= 5.028 | Rockwell Automation / 1756-EN2FK Series B | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN2FK Series C: <= 11.003 | Rockwell Automation / 1756-EN2FK Series C | <= 11.003 | Mitigation, Vendor Fix |
| 1756-EN3TR Series A: <= 5.008 | Rockwell Automation / 1756-EN3TR Series A | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN3TR Series A: <= 5.028 | Rockwell Automation / 1756-EN3TR Series A | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN3TR Series B: <= 11.003 | Rockwell Automation / 1756-EN3TR Series B | <= 11.003 | Mitigation, Vendor Fix |
| 1756-EN3TRK Series A: <= 5.008 | Rockwell Automation / 1756-EN3TRK Series A | <= 5.008 | Mitigation, Vendor Fix |
| 1756-EN3TRK Series A: <= 5.028 | Rockwell Automation / 1756-EN3TRK Series A | <= 5.028 | Mitigation, Vendor Fix |
| 1756-EN3TRK Series B: <= 11.003 | Rockwell Automation / 1756-EN3TRK Series B | <= 11.003 | Mitigation, Vendor Fix |
| 1756-EN4TR Series A: <= 5.001 | Rockwell Automation / 1756-EN4TR Series A | <= 5.001 | Mitigation, Vendor Fix |
| 1756-EN4TRK Series A: <= 5.001 | Rockwell Automation / 1756-EN4TRK Series A | <= 5.001 | Mitigation, Vendor Fix |
| 1756-EN4TRXT Series A: <= 5.001 | Rockwell Automation / 1756-EN4TRXT Series A | <= 5.001 | Mitigation, Vendor Fix |
References
12 references
Acknowledgments
Rockwell Automation
{
"document": {
"acknowledgments": [
{
"organization": "Rockwell Automation",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow malicious actors to gain remote access of the running memory of the module and perform malicious activity. ",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-23-193-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-193-01.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-23-193-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-193-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Rockwell Automation Select Communication Modules",
"tracking": {
"current_release_date": "2023-07-12T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-23-193-01",
"initial_release_date": "2023-07-12T06:00:00.000000Z",
"revision_history": [
{
"date": "2023-07-12T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2T Series A: \u003c= 5.008",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "1756-EN2T Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2T Series A: \u003c= 5.028",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "1756-EN2T Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2T Series B: \u003c= 5.008",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "1756-EN2T Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2T Series B: \u003c= 5.028",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "1756-EN2T Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2T Series C: \u003c= 5.008",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "1756-EN2T Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2T Series C: \u003c= 5.028",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "1756-EN2T Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2T Series D: \u003c= 11.003",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "1756-EN2T Series D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TK Series A: \u003c= 5.008",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "1756-EN2TK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TK Series A: \u003c= 5.028",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "1756-EN2TK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TK Series B: \u003c= 5.008",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "1756-EN2TK Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TK Series B: \u003c= 5.028",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "1756-EN2TK Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TK Series C: \u003c= 5.008",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "1756-EN2TK Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TK Series C: \u003c= 5.028",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "1756-EN2TK Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TK Series D: \u003c= 11.003",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "1756-EN2TK Series D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TXT Series A: \u003c= 5.008",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "1756-EN2TXT Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TXT Series A: \u003c= 5.028",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "1756-EN2TXT Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TXT Series B: \u003c= 5.008",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "1756-EN2TXT Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TXT Series B: \u003c= 5.028",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "1756-EN2TXT Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TXT Series C: \u003c= 5.008",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "1756-EN2TXT Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TXT Series C: \u003c= 5.028",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "1756-EN2TXT Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TXT Series D: \u003c= 11.003",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "1756-EN2TXT Series D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TP Series A: \u003c= 11.003",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "1756-EN2TP Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TPK Series A: \u003c= 11.003",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "1756-EN2TPK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TPXT Series A: \u003c= 11.003",
"product_id": "CSAFPID-0024"
}
}
],
"category": "product_name",
"name": "1756-EN2TPXT Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TR Series A: \u003c= 5.008",
"product_id": "CSAFPID-0025"
}
}
],
"category": "product_name",
"name": "1756-EN2TR Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TR Series A: \u003c= 5.028",
"product_id": "CSAFPID-0026"
}
}
],
"category": "product_name",
"name": "1756-EN2TR Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TR Series B: \u003c= 5.008",
"product_id": "CSAFPID-0027"
}
}
],
"category": "product_name",
"name": "1756-EN2TR Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TR Series B: \u003c= 5.028",
"product_id": "CSAFPID-0028"
}
}
],
"category": "product_name",
"name": "1756-EN2TR Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TR Series C: \u003c= 11.003",
"product_id": "CSAFPID-0029"
}
}
],
"category": "product_name",
"name": "1756-EN2TR Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TRK Series A: \u003c= 5.008",
"product_id": "CSAFPID-0030"
}
}
],
"category": "product_name",
"name": "1756-EN2TRK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TRK Series A: \u003c= 5.028",
"product_id": "CSAFPID-0031"
}
}
],
"category": "product_name",
"name": "1756-EN2TRK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TRK Series B: \u003c= 5.008",
"product_id": "CSAFPID-0032"
}
}
],
"category": "product_name",
"name": "1756-EN2TRK Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TRK Series B: \u003c= 5.028",
"product_id": "CSAFPID-0033"
}
}
],
"category": "product_name",
"name": "1756-EN2TRK Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TRK Series C: \u003c= 11.003",
"product_id": "CSAFPID-0034"
}
}
],
"category": "product_name",
"name": "1756-EN2TRK Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TRXT Series A: \u003c= 5.008",
"product_id": "CSAFPID-0035"
}
}
],
"category": "product_name",
"name": "1756-EN2TRXT Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TRXT Series A: \u003c= 5.028",
"product_id": "CSAFPID-0036"
}
}
],
"category": "product_name",
"name": "1756-EN2TRXT Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TRXT Series B: \u003c= 5.008",
"product_id": "CSAFPID-0037"
}
}
],
"category": "product_name",
"name": "1756-EN2TRXT Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TRXT Series B: \u003c= 5.028",
"product_id": "CSAFPID-0038"
}
}
],
"category": "product_name",
"name": "1756-EN2TRXT Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TRXT Series C: \u003c= 11.003",
"product_id": "CSAFPID-0039"
}
}
],
"category": "product_name",
"name": "1756-EN2TRXT Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2F Series A: \u003c= 5.008",
"product_id": "CSAFPID-0040"
}
}
],
"category": "product_name",
"name": "1756-EN2F Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2F Series A: \u003c= 5.028",
"product_id": "CSAFPID-0041"
}
}
],
"category": "product_name",
"name": "1756-EN2F Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2F Series B: \u003c= 5.008",
"product_id": "CSAFPID-0042"
}
}
],
"category": "product_name",
"name": "1756-EN2F Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2F Series B: \u003c= 5.028",
"product_id": "CSAFPID-0043"
}
}
],
"category": "product_name",
"name": "1756-EN2F Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2F Series C: \u003c= 11.003",
"product_id": "CSAFPID-0044"
}
}
],
"category": "product_name",
"name": "1756-EN2F Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2FK Series A: \u003c= 5.008",
"product_id": "CSAFPID-0045"
}
}
],
"category": "product_name",
"name": "1756-EN2FK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2FK Series A: \u003c= 5.028",
"product_id": "CSAFPID-0046"
}
}
],
"category": "product_name",
"name": "1756-EN2FK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2FK Series B: \u003c= 5.008",
"product_id": "CSAFPID-0047"
}
}
],
"category": "product_name",
"name": "1756-EN2FK Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2FK Series B: \u003c= 5.028",
"product_id": "CSAFPID-0048"
}
}
],
"category": "product_name",
"name": "1756-EN2FK Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2FK Series C: \u003c= 11.003",
"product_id": "CSAFPID-0049"
}
}
],
"category": "product_name",
"name": "1756-EN2FK Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN3TR Series A: \u003c= 5.008",
"product_id": "CSAFPID-0050"
}
}
],
"category": "product_name",
"name": "1756-EN3TR Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN3TR Series A: \u003c= 5.028",
"product_id": "CSAFPID-0051"
}
}
],
"category": "product_name",
"name": "1756-EN3TR Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN3TR Series B: \u003c= 11.003",
"product_id": "CSAFPID-0052"
}
}
],
"category": "product_name",
"name": "1756-EN3TR Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN3TRK Series A: \u003c= 5.008",
"product_id": "CSAFPID-0053"
}
}
],
"category": "product_name",
"name": "1756-EN3TRK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN3TRK Series A: \u003c= 5.028",
"product_id": "CSAFPID-0054"
}
}
],
"category": "product_name",
"name": "1756-EN3TRK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN3TRK Series B: \u003c= 11.003",
"product_id": "CSAFPID-0055"
}
}
],
"category": "product_name",
"name": "1756-EN3TRK Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.001",
"product": {
"name": "1756-EN4TR Series A: \u003c= 5.001",
"product_id": "CSAFPID-0056"
}
}
],
"category": "product_name",
"name": "1756-EN4TR Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.001",
"product": {
"name": "1756-EN4TRK Series A: \u003c= 5.001",
"product_id": "CSAFPID-0057"
}
}
],
"category": "product_name",
"name": "1756-EN4TRK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.001",
"product": {
"name": "1756-EN4TRXT Series A: \u003c= 5.001",
"product_id": "CSAFPID-0058"
}
}
],
"category": "product_name",
"name": "1756-EN4TRXT Series A"
}
],
"category": "vendor",
"name": "Rockwell Automation "
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3595",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Where this vulnerability exists in the 1756 EN2* and 1756 EN3* products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3595"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation has released the following versions to fix these vulnerabilities and can be addressed by performing a standard firmware update. Customers are strongly encouraged to implement the risk mitigations provided below and to the extent possible, to combine these with the security best practices to employ multiple strategies simultaneously.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series D: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0007"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0012",
"CSAFPID-0013"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series D: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0014"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0015",
"CSAFPID-0016"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0019",
"CSAFPID-0020"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series D: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0021"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TP Series A: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0022"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TPK Series A: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TPXT Series A: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0024"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TR Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0025",
"CSAFPID-0026"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TR Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0027",
"CSAFPID-0028"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TR Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0029"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0030",
"CSAFPID-0031"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRK Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0032",
"CSAFPID-0033"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRK Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0034"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRXT Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0035",
"CSAFPID-0036"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRXT Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0037",
"CSAFPID-0038"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRXT Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0039"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2F Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2F Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0042",
"CSAFPID-0043"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2F Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0044"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2FK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0045",
"CSAFPID-0046"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2FK Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0047",
"CSAFPID-0048"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2FK Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0049"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TR Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0050",
"CSAFPID-0051"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TR Series B: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0052"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TRK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0053",
"CSAFPID-0054"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TRK Series B: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0055"
]
},
{
"category": "vendor_fix",
"details": "1756-EN4TR Series A: Update to 5.002 or later",
"product_ids": [
"CSAFPID-0056"
]
},
{
"category": "vendor_fix",
"details": "1756-EN4TRK Series A: Update to 5.002 or later",
"product_ids": [
"CSAFPID-0057"
]
},
{
"category": "vendor_fix",
"details": "1756-EN4TRXT Series A: Update to 5.002 or later",
"product_ids": [
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "** Rockwell Automation strongly recommends updating to signed firmware if possible. Once the module is updated to signed firmware (example 5.008 to 5.0029), it is not possible to revert to unsigned firmware versions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Organizations should take the following actions to further secure ControlLogix communications modules from exploitation:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Update firmware. Update EN2 * ControlLogix communications modules to firmware revision 11.004 and update EN4 * ControlLogix communications modules to firmware revision 5.002.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Properly segment networks. Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Implement detection signatures. Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "For more information and to see Rockwell\u0027s detection rules, see Rockwell Automation\u0027s Security Advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
}
]
},
{
"cve": "CVE-2023-3596",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Where this vulnerability exists in the 1756-EN4* products, it could allow a malicious user to cause a denial-of-service condition by asserting the target system through maliciously crafted CIP messages. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3596"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation has released the following versions to fix these vulnerabilities and can be addressed by performing a standard firmware update. Customers are strongly encouraged to implement the risk mitigations provided below and to the extent possible, to combine these with the security best practices to employ multiple strategies simultaneously.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series D: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0007"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0012",
"CSAFPID-0013"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series D: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0014"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0015",
"CSAFPID-0016"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0019",
"CSAFPID-0020"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series D: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0021"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TP Series A: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0022"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TPK Series A: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TPXT Series A: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0024"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TR Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0025",
"CSAFPID-0026"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TR Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0027",
"CSAFPID-0028"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TR Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0029"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0030",
"CSAFPID-0031"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRK Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0032",
"CSAFPID-0033"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRK Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0034"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRXT Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0035",
"CSAFPID-0036"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRXT Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0037",
"CSAFPID-0038"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRXT Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0039"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2F Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2F Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0042",
"CSAFPID-0043"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2F Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0044"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2FK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0045",
"CSAFPID-0046"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2FK Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0047",
"CSAFPID-0048"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2FK Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0049"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TR Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0050",
"CSAFPID-0051"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TR Series B: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0052"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TRK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0053",
"CSAFPID-0054"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TRK Series B: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0055"
]
},
{
"category": "vendor_fix",
"details": "1756-EN4TR Series A: Update to 5.002 or later",
"product_ids": [
"CSAFPID-0056"
]
},
{
"category": "vendor_fix",
"details": "1756-EN4TRK Series A: Update to 5.002 or later",
"product_ids": [
"CSAFPID-0057"
]
},
{
"category": "vendor_fix",
"details": "1756-EN4TRXT Series A: Update to 5.002 or later",
"product_ids": [
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "** Rockwell Automation strongly recommends updating to signed firmware if possible. Once the module is updated to signed firmware (example 5.008 to 5.0029), it is not possible to revert to unsigned firmware versions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Organizations should take the following actions to further secure ControlLogix communications modules from exploitation:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Update firmware. Update EN2 * ControlLogix communications modules to firmware revision 11.004 and update EN4 * ControlLogix communications modules to firmware revision 5.002.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Properly segment networks. Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Implement detection signatures. Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "For more information and to see Rockwell\u0027s detection rules, see Rockwell Automation\u0027s Security Advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
}
]
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.