Rockwell Automation Stratix 5800 & 5200 Cisco IOS XE Web UI Privilege Escalation (CVE-2023-20198)

Severity: Critical | Tenable OT Security Plugin ID 501759


The remote OT asset is affected by a vulnerability.


This vulnerability in the Web UI feature of Cisco IOS XE Software allows a remote, unauthenticated threat actor to create an account on a vulnerable system with privilege level 15 access. The threat actor could then potentially use that account to gain control of the affected system.

This plugin only works with Tenable.ot.
Please visit for more information.


Rockwell strongly encourages customers to follow its guidance and disable the HTTP server on Stratix switches on all internet-facing systems. See Rockwell Automation's security advisory for more information.

Plugin Details

Severity: Critical

ID: 501759

Version: 1.7

Type: remote

Family: Tenable.ot

Published: 10/24/2023

Updated: 4/16/2024

Supported Sensors: Tenable OT Security

Risk Information

Risk Factor: Critical

Score: 10.0

CVSS v2.0

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-20198

CVSS v3.0

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:rockwellautomation:allen-bradley_stratix_5200, cpe:/h:rockwellautomation:allen-bradley_stratix_5800

Required KB Items: Tenable.ot/Rockwell

Exploit Available: true

Exploit Ease: Exploits are available

CISA Known Exploited Vulnerability Due Dates: 10/20/2023

Exploitable With

Core Impact

Metasploit (Cisco IOX XE Unauthenticated RCE Chain)

Reference Information

CVE: CVE-2023-20198