CRITICAL🇬🇧 English

CVE-2023-2262

CVSS 9.8v3.1pub. 2023-09-20upd. 2024-11-21

A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Rockwellautomation 1756 En2fk Series A

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2fk Series A Firmware

    OS
    Rockwellautomation
    5.008 – 5.028
  • Rockwellautomation 1756 En2fk Series B

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2fk Series B Firmware

    OS
    Rockwellautomation
    5.008 – 5.028
  • Rockwellautomation 1756 En2fk Series C

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2fk Series C Firmware

    OS
    Rockwellautomation
    ≤ 11.002
  • Rockwellautomation 1756 En2f Series A

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2f Series A Firmware

    OS
    Rockwellautomation
    5.008 – 5.028
  • Rockwellautomation 1756 En2f Series B

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2f Series B Firmware

    OS
    Rockwellautomation
    5.008 – 5.028
  • Rockwellautomation 1756 En2f Series C

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2f Series C Firmware

    OS
    Rockwellautomation
    ≤ 11.002
  • Rockwellautomation 1756 En2tk Series A

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2tk Series A Firmware

    OS
    Rockwellautomation
    5.008 – 5.028
  • Rockwellautomation 1756 En2tk Series B

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2tk Series B Firmware

    OS
    Rockwellautomation
    5.008 – 5.028
  • Rockwellautomation 1756 En2tk Series C

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2tk Series C Firmware

    OS
    Rockwellautomation
    5.008 – 5.028
  • Rockwellautomation 1756 En2tpk Series A

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2tpk Series A Firmware

    OS
    Rockwellautomation
    ≤ 11.002
  • Rockwellautomation 1756 En2tp Series A

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2tp Series A Firmware

    OS
    Rockwellautomation
    ≤ 11.002
  • Rockwellautomation 1756 En2tpxt Series A

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2tpxt Series A Firmware

    OS
    Rockwellautomation
    ≤ 11.002
  • Rockwellautomation 1756 En2trk Series A

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2trk Series A Firmware

    OS
    Rockwellautomation
    5.008 – 5.028
  • Rockwellautomation 1756 En2trk Series B

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2trk Series B Firmware

    OS
    Rockwellautomation
    5.008 – 5.028
  • Rockwellautomation 1756 En2trk Series C

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation 1756 En2trk Series C Firmware

    OS
    Rockwellautomation
    ≤ 11.002
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEMemory
CWE
Referencje

Powiązane podatności

CVE-2023-3595CRITICAL9.8ten sam produkt

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication...

CVE-2025-8007HIGH7.1ten sam produkt

A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Conc...

CVE-2025-8008HIGH7.1ten sam produkt

A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages du...

CVE-2018-17924HIGH8.6ten sam produkt

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticate...

CVE-2023-20198CRITICAL10.0⚠ KEVten sam vendor

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in...