CVE-2023-3595

Rockwell Automation ControlLogix Communication Modules Vulnerable to Remote Code Execution

Description

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.

Remediation

Solution:

  • Update firmware. Update EN2* ControlLogix communications modules to mitigated firmware.
  • Properly segment networks. Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks.
  • Implement detection signatures. Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices.

Category

CVSS 3.1: 9.8
Severity: Critical
EPSS: 11.81% (Top 10%)
Vendor Advisory custhelp.com
Affected: Rockwell Automation 1756-EN2T Series A, B, C
Affected: Rockwell Automation 1756-EN2T Series D
Affected: Rockwell Automation 1756-EN2TK Series A, B, C
Affected: Rockwell Automation 1756-EN2TXT Series A, B, C
Affected: Rockwell Automation 1756-EN2TXT Series D
Affected: Rockwell Automation 1756-EN2TP Series A
Affected: Rockwell Automation 1756-EN2TPK Series A
Affected: Rockwell Automation 1756-EN2TPXT Series A
Affected: Rockwell Automation 1756-EN2TR Series A, B
Affected: Rockwell Automation 1756-EN2TR Series C
Affected: Rockwell Automation 1756-EN2TRK Series A, B
Affected: Rockwell Automation 1756-EN2TRK Series C
Affected: Rockwell Automation 1756-EN2TRXT Series A, B
Affected: Rockwell Automation 1756-EN2TRXT Series C
Affected: Rockwell Automation 1756-EN2F Series A, B
Affected: Rockwell Automation 1756-EN2F Series C
Affected: Rockwell Automation 1756-EN2FK Series A, B
Affected: Rockwell Automation 1756-EN2FK Series C
Affected: Rockwell Automation 1756-EN3TR Series A
Affected: Rockwell Automation 1756-EN3TR Series B
Affected: Rockwell Automation 1756-EN3TRK Series A
Affected: Rockwell Automation 1756-EN3TRK Series B

Frequently Asked Questions

What is the severity of CVE-2023-3595?
CVE-2023-3595 has been scored as a critical severity vulnerability.
How to fix CVE-2023-3595?
To fix CVE-2023-3595:

  • Update firmware. Update EN2* ControlLogix communications modules to mitigated firmware.
  • Properly segment networks. Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks.
  • Implement detection signatures. Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices.

Is CVE-2023-3595 being actively exploited in the wild?
It is possible that CVE-2023-3595 is being exploited or will be exploited in the near future, based on public information. According to its EPSS score, there is a ~12% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-3595?
CVE-2023-3595 affects Rockwell Automation 1756-EN2T Series A, B, C, Rockwell Automation 1756-EN2T Series D, Rockwell Automation 1756-EN2TK Series A, B, C, Rockwell Automation 1756-EN2TXT Series A, B, C, Rockwell Automation 1756-EN2TXT Series D, Rockwell Automation 1756-EN2TP Series A, Rockwell Automation 1756-EN2TPK Series A, Rockwell Automation 1756-EN2TPXT Series A, Rockwell Automation 1756-EN2TR Series A, B, Rockwell Automation 1756-EN2TR Series C, Rockwell Automation 1756-EN2TRK Series A, B, Rockwell Automation 1756-EN2TRK Series C, Rockwell Automation 1756-EN2TRXT Series A, B, Rockwell Automation 1756-EN2TRXT Series C, Rockwell Automation 1756-EN2F Series A, B, Rockwell Automation 1756-EN2F Series C, Rockwell Automation 1756-EN2FK Series A, B, Rockwell Automation 1756-EN2FK Series C, Rockwell Automation 1756-EN3TR Series A, Rockwell Automation 1756-EN3TR Series B, Rockwell Automation 1756-EN3TRK Series A, Rockwell Automation 1756-EN3TRK Series B.