PT-2023-3019 · Rockwell Automation · Kinetix 5500 Drives
Published: 2023-05-11 · Updated: 2023-05-22 · CVE-2023-1834
CVSS v2.0: 9.7 (Critical)
Vector: AV:N/AC:L/Au:N/C:P/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Kinetix 5500 drives version 7.13
Description
The issue is inadequate access control in the firmware of Kinetix 5500 drives: open telnet and FTP ports may allow attackers to gain unauthorized access to the device. The affected devices were manufactured between May 2022 and January 2023.
Recommendations
For Kinetix 5500 drives version 7.13, consider disabling the telnet and FTP ports as a temporary workaround to minimize the risk of exploitation. Restrict access to these ports to prevent unauthorized access to the device.
Weakness Enumeration
Improper Access Control
Affected Products
Kinetix 5500 Drives