Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-3596 (GCVE-0-2023-3596)
Vulnerability from cvelistv5 – Published: 2023-07-12 12:51 – Updated: 2024-11-07 16:59
VLAI
EPSS
Title
Rockwell Automation Allen-Bradley ControlLogix Communication Modules vulnerable to Denial of Service
Summary
Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | 1756-EN4TR Series A |
Affected:
<=5.001
|
|
| Rockwell Automation | 1756-EN4TRK Series A |
Affected:
<=5.001
|
|
| Rockwell Automation | 1756-EN4TRXT Series A |
Affected:
<=5.001
|
|
| rockwellautomation | 1756-en4tr |
Affected:
0 , ≤ 5.001
(custom)
cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:* |
|
| rockwellautomation | 1756-en4trk |
Affected:
0 , ≤ 5.001
(custom)
cpe:2.3:h:rockwellautomation:1756-en4trk:-:*:*:*:*:*:*:* |
|
| rockwellautomation | 1756-en4trxt |
Affected:
0 , ≤ 5.001
(custom)
cpe:2.3:h:rockwellautomation:1756-en4trxt:-:*:*:*:*:*:*:* |
Date Public
2023-07-12 12:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:56.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "1756-en4tr",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "5.001",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:rockwellautomation:1756-en4trk:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "1756-en4trk",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "5.001",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:rockwellautomation:1756-en4trxt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "1756-en4trxt",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "5.001",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T16:56:23.761081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T16:59:33.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "1756-EN4TR Series A",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c=5.001"
}
]
},
{
"defaultStatus": "unaffected",
"product": "1756-EN4TRK Series A",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c=5.001"
}
]
},
{
"defaultStatus": "unaffected",
"product": "1756-EN4TRXT Series A\t",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c=5.001"
}
]
}
],
"datePublic": "2023-07-12T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\u003c/span\u003e\n\n"
}
],
"value": "\nWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T13:16:21.672Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003e\u003cstrong\u003eUpdate firmware. \u003c/strong\u003eUpdate EN4* ControlLogix communications modules to firmware revision 5.002.\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eProperly segment networks.\u003c/strong\u003e\u0026nbsp;Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks. \u003c/li\u003e\u003cli\u003e\u003cstrong\u003eImplement detection signatures.\u003c/strong\u003e\u0026nbsp;Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices. \u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "\n * Update firmware. Update EN4* ControlLogix communications modules to firmware revision 5.002.\u00a0\n * Properly segment networks.\u00a0Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks. \n * Implement detection signatures.\u00a0Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices. \n\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Allen-Bradley ControlLogix Communication Modules vulnerable to Denial of Service ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-3596",
"datePublished": "2023-07-12T12:51:19.498Z",
"dateReserved": "2023-07-10T15:34:53.790Z",
"dateUpdated": "2024-11-07T16:59:33.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-3596",
"date": "2026-06-05",
"epss": "0.022",
"percentile": "0.8475"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB4EB5E2-9FB4-419E-B23A-458436E61121\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"898EE953-E0EF-4B52-8EA0-41AAD8B5CCF3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:1756-en4trk_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEF09D94-1AE1-4449-8ECA-0A5B1F5019C9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:1756-en4trk:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BE4EFEA-79D9-4903-8272-49756A014BD4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:1756-en4trxt_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12EE978F-DECE-4572-93AE-026D3EDC5878\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:1756-en4trxt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E45471FA-99BF-4F57-BFC8-224BB9576670\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"\\nWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\\n\\n\"}]",
"id": "CVE-2023-3596",
"lastModified": "2024-11-21T08:17:37.873",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"PSIRT@rockwellautomation.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-07-12T13:15:09.947",
"references": "[{\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010\", \"source\": \"PSIRT@rockwellautomation.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"PSIRT@rockwellautomation.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-3596\",\"sourceIdentifier\":\"PSIRT@rockwellautomation.com\",\"published\":\"2023-07-12T13:15:09.947\",\"lastModified\":\"2024-11-21T08:17:37.873\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB4EB5E2-9FB4-419E-B23A-458436E61121\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"898EE953-E0EF-4B52-8EA0-41AAD8B5CCF3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:1756-en4trk_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEF09D94-1AE1-4449-8ECA-0A5B1F5019C9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:1756-en4trk:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BE4EFEA-79D9-4903-8272-49756A014BD4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:1756-en4trxt_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12EE978F-DECE-4572-93AE-026D3EDC5878\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:1756-en4trxt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E45471FA-99BF-4F57-BFC8-224BB9576670\"}]}]}],\"references\":[{\"url\":\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010\",\"source\":\"PSIRT@rockwellautomation.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:01:56.685Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-3596\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-07T16:56:23.761081Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*\"], \"vendor\": \"rockwellautomation\", \"product\": \"1756-en4tr\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.001\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:h:rockwellautomation:1756-en4trk:-:*:*:*:*:*:*:*\"], \"vendor\": \"rockwellautomation\", \"product\": \"1756-en4trk\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.001\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:h:rockwellautomation:1756-en4trxt:-:*:*:*:*:*:*:*\"], \"vendor\": \"rockwellautomation\", \"product\": \"1756-en4trxt\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.001\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-07T16:59:20.757Z\"}}], \"cna\": {\"title\": \"Rockwell Automation Allen-Bradley ControlLogix Communication Modules vulnerable to Denial of Service \", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-100\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-100 Overflow Buffers\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Rockwell Automation\", \"product\": \"1756-EN4TR Series A\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c=5.001\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Rockwell Automation\", \"product\": \"1756-EN4TRK Series A\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c=5.001\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Rockwell Automation\", \"product\": \"1756-EN4TRXT Series A\\t\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c=5.001\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"\\n * Update firmware. Update EN4* ControlLogix communications modules to firmware revision 5.002.\\u00a0\\n * Properly segment networks.\\u00a0Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks. \\n * Implement detection signatures.\\u00a0Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices. \\n\\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cul\u003e\u003cli\u003e\u003cstrong\u003eUpdate firmware. \u003c/strong\u003eUpdate EN4* ControlLogix communications modules to firmware revision 5.002.\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eProperly segment networks.\u003c/strong\u003e\u0026nbsp;Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks. \u003c/li\u003e\u003cli\u003e\u003cstrong\u003eImplement detection signatures.\u003c/strong\u003e\u0026nbsp;Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices. \u003c/li\u003e\u003c/ul\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2023-07-12T12:00:00.000Z\", \"references\": [{\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\u003c/span\u003e\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"b73dd486-f505-4403-b634-40b078b177f0\", \"shortName\": \"Rockwell\", \"dateUpdated\": \"2023-07-12T13:16:21.672Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-3596\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-07T16:59:33.267Z\", \"dateReserved\": \"2023-07-10T15:34:53.790Z\", \"assignerOrgId\": \"b73dd486-f505-4403-b634-40b078b177f0\", \"datePublished\": \"2023-07-12T12:51:19.498Z\", \"assignerShortName\": \"Rockwell\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2023-3596
Vulnerability from fkie_nvd - Published: 2023-07-12 13:15 - Updated: 2024-11-21 08:17
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.
References
| URL | Tags | ||
|---|---|---|---|
| PSIRT@rockwellautomation.com | https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010 | Permissions Required, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4EB5E2-9FB4-419E-B23A-458436E61121",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898EE953-E0EF-4B52-8EA0-41AAD8B5CCF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:1756-en4trk_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF09D94-1AE1-4449-8ECA-0A5B1F5019C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:1756-en4trk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE4EFEA-79D9-4903-8272-49756A014BD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:1756-en4trxt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12EE978F-DECE-4572-93AE-026D3EDC5878",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:1756-en4trxt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E45471FA-99BF-4F57-BFC8-224BB9576670",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\n\n"
}
],
"id": "CVE-2023-3596",
"lastModified": "2024-11-21T08:17:37.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-12T13:15:09.947",
"references": [
{
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010"
}
],
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-XVQ9-C88Q-JF5X
Vulnerability from github – Published: 2023-07-12 15:30 – Updated: 2024-04-04 06:04
VLAI
Details
Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2023-3596"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-12T13:15:09Z",
"severity": "HIGH"
},
"details": "\nWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\n\n",
"id": "GHSA-xvq9-c88q-jf5x",
"modified": "2024-04-04T06:04:16Z",
"published": "2023-07-12T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3596"
},
{
"type": "WEB",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-3596
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-3596",
"id": "GSD-2023-3596"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-3596"
],
"details": "\nWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\n\n",
"id": "GSD-2023-3596",
"modified": "2023-12-13T01:20:54.302670Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@rockwellautomation.com",
"ID": "CVE-2023-3596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1756-EN4TR Series A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c=5.001"
}
]
}
},
{
"product_name": "1756-EN4TRK Series A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c=5.001"
}
]
}
},
{
"product_name": "1756-EN4TRXT Series A\t",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c=5.001"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-787",
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010",
"refsource": "MISC",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010"
}
]
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003e\u003cstrong\u003eUpdate firmware. \u003c/strong\u003eUpdate EN4* ControlLogix communications modules to firmware revision 5.002.\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eProperly segment networks.\u003c/strong\u003e\u0026nbsp;Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks. \u003c/li\u003e\u003cli\u003e\u003cstrong\u003eImplement detection signatures.\u003c/strong\u003e\u0026nbsp;Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices. \u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "\n * Update firmware. Update EN4* ControlLogix communications modules to firmware revision 5.002.\u00a0\n * Properly segment networks.\u00a0Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks. \n * Implement detection signatures.\u00a0Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices. \n\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en4trk_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en4trk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en4trxt_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en4trxt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@rockwellautomation.com",
"ID": "CVE-2023-3596"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "\nWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-07-20T19:51Z",
"publishedDate": "2023-07-12T13:15Z"
}
}
}
ICSA-23-193-01
Vulnerability from csaf_cisa - Published: 2023-07-12 06:00 - Updated: 2023-07-12 06:00Summary
Rockwell Automation Select Communication Modules
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could allow malicious actors to gain remote access of the running memory of the module and perform malicious activity.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: No known public exploits specifically target these vulnerabilities.
9.8 (Critical)
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
1756-EN2T Series A: <= 5.008
Rockwell Automation / 1756-EN2T Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2T Series A: <= 5.028
Rockwell Automation / 1756-EN2T Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2T Series B: <= 5.008
Rockwell Automation / 1756-EN2T Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2T Series B: <= 5.028
Rockwell Automation / 1756-EN2T Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2T Series C: <= 5.008
Rockwell Automation / 1756-EN2T Series C
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2T Series C: <= 5.028
Rockwell Automation / 1756-EN2T Series C
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2T Series D: <= 11.003
Rockwell Automation / 1756-EN2T Series D
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TK Series A: <= 5.008
Rockwell Automation / 1756-EN2TK Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TK Series A: <= 5.028
Rockwell Automation / 1756-EN2TK Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TK Series B: <= 5.008
Rockwell Automation / 1756-EN2TK Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TK Series B: <= 5.028
Rockwell Automation / 1756-EN2TK Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TK Series C: <= 5.008
Rockwell Automation / 1756-EN2TK Series C
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TK Series C: <= 5.028
Rockwell Automation / 1756-EN2TK Series C
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TK Series D: <= 11.003
Rockwell Automation / 1756-EN2TK Series D
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TXT Series A: <= 5.008
Rockwell Automation / 1756-EN2TXT Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TXT Series A: <= 5.028
Rockwell Automation / 1756-EN2TXT Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TXT Series B: <= 5.008
Rockwell Automation / 1756-EN2TXT Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TXT Series B: <= 5.028
Rockwell Automation / 1756-EN2TXT Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TXT Series C: <= 5.008
Rockwell Automation / 1756-EN2TXT Series C
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TXT Series C: <= 5.028
Rockwell Automation / 1756-EN2TXT Series C
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TXT Series D: <= 11.003
Rockwell Automation / 1756-EN2TXT Series D
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TP Series A: <= 11.003
Rockwell Automation / 1756-EN2TP Series A
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TPK Series A: <= 11.003
Rockwell Automation / 1756-EN2TPK Series A
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TPXT Series A: <= 11.003
Rockwell Automation / 1756-EN2TPXT Series A
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TR Series A: <= 5.008
Rockwell Automation / 1756-EN2TR Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TR Series A: <= 5.028
Rockwell Automation / 1756-EN2TR Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TR Series B: <= 5.008
Rockwell Automation / 1756-EN2TR Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TR Series B: <= 5.028
Rockwell Automation / 1756-EN2TR Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TR Series C: <= 11.003
Rockwell Automation / 1756-EN2TR Series C
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRK Series A: <= 5.008
Rockwell Automation / 1756-EN2TRK Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRK Series A: <= 5.028
Rockwell Automation / 1756-EN2TRK Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRK Series B: <= 5.008
Rockwell Automation / 1756-EN2TRK Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRK Series B: <= 5.028
Rockwell Automation / 1756-EN2TRK Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRK Series C: <= 11.003
Rockwell Automation / 1756-EN2TRK Series C
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRXT Series A: <= 5.008
Rockwell Automation / 1756-EN2TRXT Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRXT Series A: <= 5.028
Rockwell Automation / 1756-EN2TRXT Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRXT Series B: <= 5.008
Rockwell Automation / 1756-EN2TRXT Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRXT Series B: <= 5.028
Rockwell Automation / 1756-EN2TRXT Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRXT Series C: <= 11.003
Rockwell Automation / 1756-EN2TRXT Series C
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series A: <= 5.008
Rockwell Automation / 1756-EN2F Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series A: <= 5.028
Rockwell Automation / 1756-EN2F Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series B: <= 5.008
Rockwell Automation / 1756-EN2F Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series B: <= 5.028
Rockwell Automation / 1756-EN2F Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series C: <= 11.003
Rockwell Automation / 1756-EN2F Series C
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series A: <= 5.008
Rockwell Automation / 1756-EN2FK Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series A: <= 5.028
Rockwell Automation / 1756-EN2FK Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series B: <= 5.008
Rockwell Automation / 1756-EN2FK Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series B: <= 5.028
Rockwell Automation / 1756-EN2FK Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series C: <= 11.003
Rockwell Automation / 1756-EN2FK Series C
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TR Series A: <= 5.008
Rockwell Automation / 1756-EN3TR Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TR Series A: <= 5.028
Rockwell Automation / 1756-EN3TR Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TR Series B: <= 11.003
Rockwell Automation / 1756-EN3TR Series B
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TRK Series A: <= 5.008
Rockwell Automation / 1756-EN3TRK Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TRK Series A: <= 5.028
Rockwell Automation / 1756-EN3TRK Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TRK Series B: <= 11.003
Rockwell Automation / 1756-EN3TRK Series B
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN4TR Series A: <= 5.001
Rockwell Automation / 1756-EN4TR Series A
|
<= 5.001 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN4TRK Series A: <= 5.001
Rockwell Automation / 1756-EN4TRK Series A
|
<= 5.001 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN4TRXT Series A: <= 5.001
Rockwell Automation / 1756-EN4TRXT Series A
|
<= 5.001 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
58 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
1756-EN2T Series A: <= 5.008
Rockwell Automation / 1756-EN2T Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2T Series A: <= 5.028
Rockwell Automation / 1756-EN2T Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2T Series B: <= 5.008
Rockwell Automation / 1756-EN2T Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2T Series B: <= 5.028
Rockwell Automation / 1756-EN2T Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2T Series C: <= 5.008
Rockwell Automation / 1756-EN2T Series C
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2T Series C: <= 5.028
Rockwell Automation / 1756-EN2T Series C
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2T Series D: <= 11.003
Rockwell Automation / 1756-EN2T Series D
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TK Series A: <= 5.008
Rockwell Automation / 1756-EN2TK Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TK Series A: <= 5.028
Rockwell Automation / 1756-EN2TK Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TK Series B: <= 5.008
Rockwell Automation / 1756-EN2TK Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TK Series B: <= 5.028
Rockwell Automation / 1756-EN2TK Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TK Series C: <= 5.008
Rockwell Automation / 1756-EN2TK Series C
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TK Series C: <= 5.028
Rockwell Automation / 1756-EN2TK Series C
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TK Series D: <= 11.003
Rockwell Automation / 1756-EN2TK Series D
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TXT Series A: <= 5.008
Rockwell Automation / 1756-EN2TXT Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TXT Series A: <= 5.028
Rockwell Automation / 1756-EN2TXT Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TXT Series B: <= 5.008
Rockwell Automation / 1756-EN2TXT Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TXT Series B: <= 5.028
Rockwell Automation / 1756-EN2TXT Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TXT Series C: <= 5.008
Rockwell Automation / 1756-EN2TXT Series C
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TXT Series C: <= 5.028
Rockwell Automation / 1756-EN2TXT Series C
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TXT Series D: <= 11.003
Rockwell Automation / 1756-EN2TXT Series D
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TP Series A: <= 11.003
Rockwell Automation / 1756-EN2TP Series A
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TPK Series A: <= 11.003
Rockwell Automation / 1756-EN2TPK Series A
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TPXT Series A: <= 11.003
Rockwell Automation / 1756-EN2TPXT Series A
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TR Series A: <= 5.008
Rockwell Automation / 1756-EN2TR Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TR Series A: <= 5.028
Rockwell Automation / 1756-EN2TR Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TR Series B: <= 5.008
Rockwell Automation / 1756-EN2TR Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TR Series B: <= 5.028
Rockwell Automation / 1756-EN2TR Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TR Series C: <= 11.003
Rockwell Automation / 1756-EN2TR Series C
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRK Series A: <= 5.008
Rockwell Automation / 1756-EN2TRK Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRK Series A: <= 5.028
Rockwell Automation / 1756-EN2TRK Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRK Series B: <= 5.008
Rockwell Automation / 1756-EN2TRK Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRK Series B: <= 5.028
Rockwell Automation / 1756-EN2TRK Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRK Series C: <= 11.003
Rockwell Automation / 1756-EN2TRK Series C
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRXT Series A: <= 5.008
Rockwell Automation / 1756-EN2TRXT Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRXT Series A: <= 5.028
Rockwell Automation / 1756-EN2TRXT Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRXT Series B: <= 5.008
Rockwell Automation / 1756-EN2TRXT Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRXT Series B: <= 5.028
Rockwell Automation / 1756-EN2TRXT Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2TRXT Series C: <= 11.003
Rockwell Automation / 1756-EN2TRXT Series C
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series A: <= 5.008
Rockwell Automation / 1756-EN2F Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series A: <= 5.028
Rockwell Automation / 1756-EN2F Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series B: <= 5.008
Rockwell Automation / 1756-EN2F Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series B: <= 5.028
Rockwell Automation / 1756-EN2F Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2F Series C: <= 11.003
Rockwell Automation / 1756-EN2F Series C
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series A: <= 5.008
Rockwell Automation / 1756-EN2FK Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series A: <= 5.028
Rockwell Automation / 1756-EN2FK Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series B: <= 5.008
Rockwell Automation / 1756-EN2FK Series B
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series B: <= 5.028
Rockwell Automation / 1756-EN2FK Series B
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN2FK Series C: <= 11.003
Rockwell Automation / 1756-EN2FK Series C
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TR Series A: <= 5.008
Rockwell Automation / 1756-EN3TR Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TR Series A: <= 5.028
Rockwell Automation / 1756-EN3TR Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TR Series B: <= 11.003
Rockwell Automation / 1756-EN3TR Series B
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TRK Series A: <= 5.008
Rockwell Automation / 1756-EN3TRK Series A
|
<= 5.008 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TRK Series A: <= 5.028
Rockwell Automation / 1756-EN3TRK Series A
|
<= 5.028 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN3TRK Series B: <= 11.003
Rockwell Automation / 1756-EN3TRK Series B
|
<= 11.003 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN4TR Series A: <= 5.001
Rockwell Automation / 1756-EN4TR Series A
|
<= 5.001 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN4TRK Series A: <= 5.001
Rockwell Automation / 1756-EN4TRK Series A
|
<= 5.001 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
1756-EN4TRXT Series A: <= 5.001
Rockwell Automation / 1756-EN4TRXT Series A
|
<= 5.001 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
References
12 references
Acknowledgments
Rockwell Automation
{
"document": {
"acknowledgments": [
{
"organization": "Rockwell Automation",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow malicious actors to gain remote access of the running memory of the module and perform malicious activity. ",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-23-193-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-193-01.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-23-193-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-193-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Rockwell Automation Select Communication Modules",
"tracking": {
"current_release_date": "2023-07-12T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-23-193-01",
"initial_release_date": "2023-07-12T06:00:00.000000Z",
"revision_history": [
{
"date": "2023-07-12T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2T Series A: \u003c= 5.008",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "1756-EN2T Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2T Series A: \u003c= 5.028",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "1756-EN2T Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2T Series B: \u003c= 5.008",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "1756-EN2T Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2T Series B: \u003c= 5.028",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "1756-EN2T Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2T Series C: \u003c= 5.008",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "1756-EN2T Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2T Series C: \u003c= 5.028",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "1756-EN2T Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2T Series D: \u003c= 11.003",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "1756-EN2T Series D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TK Series A: \u003c= 5.008",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "1756-EN2TK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TK Series A: \u003c= 5.028",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "1756-EN2TK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TK Series B: \u003c= 5.008",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "1756-EN2TK Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TK Series B: \u003c= 5.028",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "1756-EN2TK Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TK Series C: \u003c= 5.008",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "1756-EN2TK Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TK Series C: \u003c= 5.028",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "1756-EN2TK Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TK Series D: \u003c= 11.003",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "1756-EN2TK Series D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TXT Series A: \u003c= 5.008",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "1756-EN2TXT Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TXT Series A: \u003c= 5.028",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "1756-EN2TXT Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TXT Series B: \u003c= 5.008",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "1756-EN2TXT Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TXT Series B: \u003c= 5.028",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "1756-EN2TXT Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TXT Series C: \u003c= 5.008",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "1756-EN2TXT Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TXT Series C: \u003c= 5.028",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "1756-EN2TXT Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TXT Series D: \u003c= 11.003",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "1756-EN2TXT Series D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TP Series A: \u003c= 11.003",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "1756-EN2TP Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TPK Series A: \u003c= 11.003",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "1756-EN2TPK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TPXT Series A: \u003c= 11.003",
"product_id": "CSAFPID-0024"
}
}
],
"category": "product_name",
"name": "1756-EN2TPXT Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TR Series A: \u003c= 5.008",
"product_id": "CSAFPID-0025"
}
}
],
"category": "product_name",
"name": "1756-EN2TR Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TR Series A: \u003c= 5.028",
"product_id": "CSAFPID-0026"
}
}
],
"category": "product_name",
"name": "1756-EN2TR Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TR Series B: \u003c= 5.008",
"product_id": "CSAFPID-0027"
}
}
],
"category": "product_name",
"name": "1756-EN2TR Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TR Series B: \u003c= 5.028",
"product_id": "CSAFPID-0028"
}
}
],
"category": "product_name",
"name": "1756-EN2TR Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TR Series C: \u003c= 11.003",
"product_id": "CSAFPID-0029"
}
}
],
"category": "product_name",
"name": "1756-EN2TR Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TRK Series A: \u003c= 5.008",
"product_id": "CSAFPID-0030"
}
}
],
"category": "product_name",
"name": "1756-EN2TRK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TRK Series A: \u003c= 5.028",
"product_id": "CSAFPID-0031"
}
}
],
"category": "product_name",
"name": "1756-EN2TRK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TRK Series B: \u003c= 5.008",
"product_id": "CSAFPID-0032"
}
}
],
"category": "product_name",
"name": "1756-EN2TRK Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TRK Series B: \u003c= 5.028",
"product_id": "CSAFPID-0033"
}
}
],
"category": "product_name",
"name": "1756-EN2TRK Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TRK Series C: \u003c= 11.003",
"product_id": "CSAFPID-0034"
}
}
],
"category": "product_name",
"name": "1756-EN2TRK Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TRXT Series A: \u003c= 5.008",
"product_id": "CSAFPID-0035"
}
}
],
"category": "product_name",
"name": "1756-EN2TRXT Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TRXT Series A: \u003c= 5.028",
"product_id": "CSAFPID-0036"
}
}
],
"category": "product_name",
"name": "1756-EN2TRXT Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2TRXT Series B: \u003c= 5.008",
"product_id": "CSAFPID-0037"
}
}
],
"category": "product_name",
"name": "1756-EN2TRXT Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2TRXT Series B: \u003c= 5.028",
"product_id": "CSAFPID-0038"
}
}
],
"category": "product_name",
"name": "1756-EN2TRXT Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2TRXT Series C: \u003c= 11.003",
"product_id": "CSAFPID-0039"
}
}
],
"category": "product_name",
"name": "1756-EN2TRXT Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2F Series A: \u003c= 5.008",
"product_id": "CSAFPID-0040"
}
}
],
"category": "product_name",
"name": "1756-EN2F Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2F Series A: \u003c= 5.028",
"product_id": "CSAFPID-0041"
}
}
],
"category": "product_name",
"name": "1756-EN2F Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2F Series B: \u003c= 5.008",
"product_id": "CSAFPID-0042"
}
}
],
"category": "product_name",
"name": "1756-EN2F Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2F Series B: \u003c= 5.028",
"product_id": "CSAFPID-0043"
}
}
],
"category": "product_name",
"name": "1756-EN2F Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2F Series C: \u003c= 11.003",
"product_id": "CSAFPID-0044"
}
}
],
"category": "product_name",
"name": "1756-EN2F Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2FK Series A: \u003c= 5.008",
"product_id": "CSAFPID-0045"
}
}
],
"category": "product_name",
"name": "1756-EN2FK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2FK Series A: \u003c= 5.028",
"product_id": "CSAFPID-0046"
}
}
],
"category": "product_name",
"name": "1756-EN2FK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN2FK Series B: \u003c= 5.008",
"product_id": "CSAFPID-0047"
}
}
],
"category": "product_name",
"name": "1756-EN2FK Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN2FK Series B: \u003c= 5.028",
"product_id": "CSAFPID-0048"
}
}
],
"category": "product_name",
"name": "1756-EN2FK Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN2FK Series C: \u003c= 11.003",
"product_id": "CSAFPID-0049"
}
}
],
"category": "product_name",
"name": "1756-EN2FK Series C"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN3TR Series A: \u003c= 5.008",
"product_id": "CSAFPID-0050"
}
}
],
"category": "product_name",
"name": "1756-EN3TR Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN3TR Series A: \u003c= 5.028",
"product_id": "CSAFPID-0051"
}
}
],
"category": "product_name",
"name": "1756-EN3TR Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN3TR Series B: \u003c= 11.003",
"product_id": "CSAFPID-0052"
}
}
],
"category": "product_name",
"name": "1756-EN3TR Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.008",
"product": {
"name": "1756-EN3TRK Series A: \u003c= 5.008",
"product_id": "CSAFPID-0053"
}
}
],
"category": "product_name",
"name": "1756-EN3TRK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.028",
"product": {
"name": "1756-EN3TRK Series A: \u003c= 5.028",
"product_id": "CSAFPID-0054"
}
}
],
"category": "product_name",
"name": "1756-EN3TRK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 11.003",
"product": {
"name": "1756-EN3TRK Series B: \u003c= 11.003",
"product_id": "CSAFPID-0055"
}
}
],
"category": "product_name",
"name": "1756-EN3TRK Series B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.001",
"product": {
"name": "1756-EN4TR Series A: \u003c= 5.001",
"product_id": "CSAFPID-0056"
}
}
],
"category": "product_name",
"name": "1756-EN4TR Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.001",
"product": {
"name": "1756-EN4TRK Series A: \u003c= 5.001",
"product_id": "CSAFPID-0057"
}
}
],
"category": "product_name",
"name": "1756-EN4TRK Series A"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.001",
"product": {
"name": "1756-EN4TRXT Series A: \u003c= 5.001",
"product_id": "CSAFPID-0058"
}
}
],
"category": "product_name",
"name": "1756-EN4TRXT Series A"
}
],
"category": "vendor",
"name": "Rockwell Automation "
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3595",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Where this vulnerability exists in the 1756 EN2* and 1756 EN3* products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3595"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation has released the following versions to fix these vulnerabilities and can be addressed by performing a standard firmware update. Customers are strongly encouraged to implement the risk mitigations provided below and to the extent possible, to combine these with the security best practices to employ multiple strategies simultaneously.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series D: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0007"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0012",
"CSAFPID-0013"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series D: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0014"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0015",
"CSAFPID-0016"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0019",
"CSAFPID-0020"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series D: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0021"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TP Series A: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0022"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TPK Series A: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TPXT Series A: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0024"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TR Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0025",
"CSAFPID-0026"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TR Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0027",
"CSAFPID-0028"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TR Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0029"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0030",
"CSAFPID-0031"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRK Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0032",
"CSAFPID-0033"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRK Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0034"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRXT Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0035",
"CSAFPID-0036"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRXT Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0037",
"CSAFPID-0038"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRXT Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0039"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2F Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2F Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0042",
"CSAFPID-0043"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2F Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0044"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2FK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0045",
"CSAFPID-0046"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2FK Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0047",
"CSAFPID-0048"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2FK Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0049"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TR Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0050",
"CSAFPID-0051"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TR Series B: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0052"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TRK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0053",
"CSAFPID-0054"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TRK Series B: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0055"
]
},
{
"category": "vendor_fix",
"details": "1756-EN4TR Series A: Update to 5.002 or later",
"product_ids": [
"CSAFPID-0056"
]
},
{
"category": "vendor_fix",
"details": "1756-EN4TRK Series A: Update to 5.002 or later",
"product_ids": [
"CSAFPID-0057"
]
},
{
"category": "vendor_fix",
"details": "1756-EN4TRXT Series A: Update to 5.002 or later",
"product_ids": [
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "** Rockwell Automation strongly recommends updating to signed firmware if possible. Once the module is updated to signed firmware (example 5.008 to 5.0029), it is not possible to revert to unsigned firmware versions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Organizations should take the following actions to further secure ControlLogix communications modules from exploitation:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Update firmware. Update EN2 * ControlLogix communications modules to firmware revision 11.004 and update EN4 * ControlLogix communications modules to firmware revision 5.002.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Properly segment networks. Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Implement detection signatures. Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "For more information and to see Rockwell\u0027s detection rules, see Rockwell Automation\u0027s Security Advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
}
]
},
{
"cve": "CVE-2023-3596",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Where this vulnerability exists in the 1756-EN4* products, it could allow a malicious user to cause a denial-of-service condition by asserting the target system through maliciously crafted CIP messages. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3596"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation has released the following versions to fix these vulnerabilities and can be addressed by performing a standard firmware update. Customers are strongly encouraged to implement the risk mitigations provided below and to the extent possible, to combine these with the security best practices to employ multiple strategies simultaneously.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2T Series D: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0007"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0012",
"CSAFPID-0013"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TK Series D: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0014"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0015",
"CSAFPID-0016"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0017",
"CSAFPID-0018"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0019",
"CSAFPID-0020"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TXT Series D: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0021"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TP Series A: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0022"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TPK Series A: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TPXT Series A: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0024"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TR Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0025",
"CSAFPID-0026"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TR Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0027",
"CSAFPID-0028"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TR Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0029"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0030",
"CSAFPID-0031"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRK Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0032",
"CSAFPID-0033"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRK Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0034"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRXT Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0035",
"CSAFPID-0036"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRXT Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0037",
"CSAFPID-0038"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2TRXT Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0039"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2F Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0040",
"CSAFPID-0041"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2F Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0042",
"CSAFPID-0043"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2F Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0044"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2FK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0045",
"CSAFPID-0046"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2FK Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0047",
"CSAFPID-0048"
]
},
{
"category": "vendor_fix",
"details": "1756-EN2FK Series C: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0049"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TR Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0050",
"CSAFPID-0051"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TR Series B: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0052"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TRK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions",
"product_ids": [
"CSAFPID-0053",
"CSAFPID-0054"
]
},
{
"category": "vendor_fix",
"details": "1756-EN3TRK Series B: Update to 11.004 or later",
"product_ids": [
"CSAFPID-0055"
]
},
{
"category": "vendor_fix",
"details": "1756-EN4TR Series A: Update to 5.002 or later",
"product_ids": [
"CSAFPID-0056"
]
},
{
"category": "vendor_fix",
"details": "1756-EN4TRK Series A: Update to 5.002 or later",
"product_ids": [
"CSAFPID-0057"
]
},
{
"category": "vendor_fix",
"details": "1756-EN4TRXT Series A: Update to 5.002 or later",
"product_ids": [
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "** Rockwell Automation strongly recommends updating to signed firmware if possible. Once the module is updated to signed firmware (example 5.008 to 5.0029), it is not possible to revert to unsigned firmware versions.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Organizations should take the following actions to further secure ControlLogix communications modules from exploitation:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Update firmware. Update EN2 * ControlLogix communications modules to firmware revision 11.004 and update EN4 * ControlLogix communications modules to firmware revision 5.002.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Properly segment networks. Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "Implement detection signatures. Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
},
{
"category": "mitigation",
"details": "For more information and to see Rockwell\u0027s detection rules, see Rockwell Automation\u0027s Security Advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058"
]
}
]
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…