Severity
High
Analysis Summary
CVE-2023-3596 CVSS:9.8
Rockwell Automation products are vulnerable to a denial of service, caused by an out-of-bounds write. By sending specially crafted CIP messages, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-3595 CVSS:9.8
Rockwell Automation products could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write. By sending specially crafted CIP messages, an attacker could exploit this vulnerability to execute arbitrary code on the system, obtain sensitive information, or cause a denial of service.
Impact
- Denial of Service
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-3596
- CVE-2023-3595
Affected Vendors
Rockwell Automation
Affected Products
- Rockwell Automation 1756-EN4TR Series A 5.001
- Rockwell Automation 1756-EN4TRK Series A 5.001
- Rockwell Automation 1756-EN2F Series C 11.003
- Rockwell Automation 1756-EN3TR Series B 11.003
Remediation
Refer to Rockwell Automation Web site for patch, upgrade or suggested workaround information.