PT-2023-3664 · Rockwell Automation · 1756-EN2TP +7

Published: 2023-07-12 · Updated: 2024-05-22 · CVE-2023-3595

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Rockwell Automation 1756-EN2T version
Rockwell Automation 1756-EN2TK version
Rockwell Automation 1756-EN2TXT version
Rockwell Automation 1756-EN2TP version
Rockwell Automation 1756-EN2TPK version
Rockwell Automation 1756-EN2TPXT version
Rockwell Automation 1756-EN2TR version
Rockwell Automation 1756-EN2TRK version
Rockwell Automation 1756-EN2TRXT version
Rockwell Automation 1756-EN2F version
Rockwell Automation 1756-EN2FK version
Rockwell Automation 1756-EN3TR version
Rockwell Automation 1756-EN3TRK version
Rockwell Automation 1756-EN4TR version
Rockwell Automation 1756-EN4TRK version
Rockwell Automation 1756-EN4TRXT version

Description

The issue is a buffer overflow in the memory of Rockwell Automation communication modules. It could allow a remote attacker to execute arbitrary code using a specially crafted CIP packet. The vulnerability may enable a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages, including the ability to modify, deny, and exfiltrate data passing through the device.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-03948
CVE-2023-3595

Affected Products

1756-EN2F
1756-EN2T
1756-EN2TP
1756-EN2TPXT
1756-EN2TR
1756-EN3TR
1756-EN4TR
1756-EN4TRXT