1. Home
  2. CVE Database
  3. CVE-2023-3595
CRITICAL · 9.8

CVE-2023-3595

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persisten...

Vulnerability Description

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Rockwellautomation1756-En2F Series A Firmware-
Rockwellautomation1756-En2F Series A-
Rockwellautomation1756-En2F Series B Firmware-
Rockwellautomation1756-En2F Series B-
Rockwellautomation1756-En2F Series C Firmware-
Rockwellautomation1756-En2F Series C-
Rockwellautomation1756-En2T Series A Firmware-
Rockwellautomation1756-En2T Series A-
Rockwellautomation1756-En2T Series B Firmware-
Rockwellautomation1756-En2T Series B-
Rockwellautomation1756-En2T Series C Firmware-
Rockwellautomation1756-En2T Series C-
Rockwellautomation1756-En2T Series D Firmware-
Rockwellautomation1756-En2T Series D-
Rockwellautomation1756-En2Tr Series A Firmware-
Rockwellautomation1756-En2Tr Series A-
Rockwellautomation1756-En2Tr Series B Firmware-
Rockwellautomation1756-En2Tr Series B-
Rockwellautomation1756-En2Tr Series C Firmware-
Rockwellautomation1756-En2Tr Series C-

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2023-3595?

CVE-2023-3595 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persisten...

How severe is CVE-2023-3595?

CVE-2023-3595 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-3595?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation 1756-En2F Series A Firmware, Rockwellautomation 1756-En2F Series A, Rockwellautomation 1756-En2F Series B Firmware, Rockwellautomation 1756-En2F Series B, Rockwellautomation 1756-En2F Series C Firmware.