OpenCVE

Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected device’s Modbus TCP Server AOI information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rockwellautomation	Modbus Tcp Server Add On Instructions

Configuration 1 [-]

cpe:2.3:a:rockwellautomation:modbus_tcp_server_add_on_instructions:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138766

History

No history.

MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2023-03-17T16:52:21.564Z

Updated: 2024-08-02T04:54:32.559Z

Reserved: 2022-12-29T14:01:39.460Z

Link: CVE-2023-0027

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-03-17T17:15:11.307

Modified: 2023-11-07T03:59:28.147

Link: CVE-2023-0027

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0027", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2022-12-29T14:01:39.460Z", "datePublished": "2023-03-17T16:52:21.564Z", "dateUpdated": "2024-08-02T04:54:32.559Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Modbus TCP Server Add On Instructions", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "2.00.00 - 2.00.03"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Parul Sindhwad and Dr. Faruk Kazi of CoE CNDS lab, VJTI, Mumbai, India reported this to Rockwell Automation."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected device\u2019s Modbus TCP Server AOI information.<br><br>"}], "value": "Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected device\u2019s Modbus TCP Server AOI information.\n\n"}], "impacts": [{"capecId": "CAPEC-117", "descriptions": [{"lang": "en", "value": "CAPEC-117 Interception"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2023-03-17T16:52:21.564Z"}, "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138766"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Customers should update their software to versions 2.04.00 and later to mitigate this issue."}], "value": "Customers should update their software to versions 2.04.00 and later to mitigate this issue."}], "source": {"discovery": "UNKNOWN"}, "title": "Rockwell Automation Modbus TCP AOI Server Could Leak Sensitive Information", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.559Z"}, "title": "CVE Program Container", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138766", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:modbus_tcp_server_add_on_instructions:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D5053BE-2C68-4505-8B9D-D80A58C28952", "versionEndExcluding": "2.04.00", "versionStartIncluding": "2.00.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected device\u2019s Modbus TCP Server AOI information.\n\n"}], "id": "CVE-2023-0027", "lastModified": "2023-11-07T03:59:28.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2023-03-17T17:15:11.307", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138766"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}