Detections
Analytics
Rockwell Automation Select Communication Modules Out-of-Bounds Write (CVE-2023-3595)
critical Tenable OT Security Plugin ID 501226
Synopsis
The remote OT asset is affected by a vulnerability.Description
A vulnerability exists in the 1756 EN2* and 1756 EN3* products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Rockwell Automation has released the following versions to fix these vulnerabilities and can be addressed by performing a standard firmware update. Customers are strongly encouraged to implement the risk mitigations provided below and to the extent possible, to combine these with the security best practices to employ multiple strategies simultaneously.
See Also
http://www.nessus.org/u?a39743bf
http://www.nessus.org/u?3ba6a760
https://www.cisa.gov/news-events/ics-advisories/icsa-23-193-01
Plugin Details
Severity: Critical
ID: 501226
Version: 1.10
Type: remote
Family: Tenable.ot
Published: 7/3/2023
Updated: 3/4/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2023-3595
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:rockwellautomation:1756-en2t_series_a_firmware, cpe:/o:rockwellautomation:1756-en2t_series_b_firmware, cpe:/o:rockwellautomation:1756-en2t_series_c_firmware, cpe:/o:rockwellautomation:1756-en2t_series_d_firmware, cpe:/o:rockwellautomation:1756-en2tk_series_a_firmware, cpe:/o:rockwellautomation:1756-en2tk_series_b_firmware, cpe:/o:rockwellautomation:1756-en2tk_series_c_firmware, cpe:/o:rockwellautomation:1756-en2tk_series_d_firmware, cpe:/o:rockwellautomation:1756-en2txt_series_a_firmware, cpe:/o:rockwellautomation:1756-en2txt_series_b_firmware, cpe:/o:rockwellautomation:1756-en2txt_series_c_firmware, cpe:/o:rockwellautomation:1756-en2txt_series_d_firmware, cpe:/o:rockwellautomation:1756-en2tp_series_a_firmware, cpe:/o:rockwellautomation:1756-en2tpk_series_a_firmware, cpe:/o:rockwellautomation:1756-en2tpxt_series_a_firmware, cpe:/o:rockwellautomation:1756-en2tr_series_a_firmware, cpe:/o:rockwellautomation:1756-en2tr_series_b_firmware, cpe:/o:rockwellautomation:1756-en2tr_series_c_firmware, cpe:/o:rockwellautomation:1756-en2trk_series_a_firmware, cpe:/o:rockwellautomation:1756-en2trk_series_b_firmware, cpe:/o:rockwellautomation:1756-en2trk_series_c_firmware, cpe:/o:rockwellautomation:1756-en2trxt_series_a_firmware, cpe:/o:rockwellautomation:1756-en2trxt_series_b_firmware, cpe:/o:rockwellautomation:1756-en2trxt_series_c_firmware, cpe:/o:rockwellautomation:1756-en2f_series_a_firmware, cpe:/o:rockwellautomation:1756-en2f_series_b_firmware, cpe:/o:rockwellautomation:1756-en2f_series_c_firmware, cpe:/o:rockwellautomation:1756-en2fk_series_a_firmware, cpe:/o:rockwellautomation:1756-en2fk_series_b_firmware, cpe:/o:rockwellautomation:1756-en2fk_series_c_firmware, cpe:/o:rockwellautomation:1756-en3tr_series_a_firmware, cpe:/o:rockwellautomation:1756-en3tr_series_b_firmware, cpe:/o:rockwellautomation:1756-en3trk_series_a_firmware, cpe:/o:rockwellautomation:1756-en3trk_series_b_firmware
Required KB Items: Tenable.ot/Rockwell
Exploit Ease: No known exploits are available
Patch Publication Date: 7/1/2023
Vulnerability Publication Date: 7/12/2023
Reference Information
CVE: CVE-2023-3595
CWE: 787