TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2023-3595

CRITICAL
9.8

Beschreibung

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.

CVE Details

CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht7/12/2023
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

rockwellautomation:1756-en2f_series_arockwellautomation:1756-en2f_series_a_firmwarerockwellautomation:1756-en2f_series_brockwellautomation:1756-en2f_series_b_firmwarerockwellautomation:1756-en2f_series_crockwellautomation:1756-en2f_series_c_firmwarerockwellautomation:1756-en2t_series_arockwellautomation:1756-en2t_series_a_firmwarerockwellautomation:1756-en2t_series_brockwellautomation:1756-en2t_series_b_firmwarerockwellautomation:1756-en2t_series_crockwellautomation:1756-en2t_series_c_firmwarerockwellautomation:1756-en2t_series_drockwellautomation:1756-en2t_series_d_firmwarerockwellautomation:1756-en2tr_series_arockwellautomation:1756-en2tr_series_a_firmwarerockwellautomation:1756-en2tr_series_brockwellautomation:1756-en2tr_series_b_firmwarerockwellautomation:1756-en2tr_series_crockwellautomation:1756-en2tr_series_c_firmwarerockwellautomation:1756-en3tr_series_arockwellautomation:1756-en3tr_series_a_firmwarerockwellautomation:1756-en3tr_series_brockwellautomation:1756-en3tr_series_b_firmware

Schwachen (CWE)

CWE-787CWE-787

Referenzen

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010(PSIRT@rockwellautomation.com)
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.