CVE-2023-3596 - OpenCVE

Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rockwellautomation	1756-en4tr 1756-en4tr Firmware 1756-en4trk 1756-en4trk Firmware 1756-en4trxt 1756-en4trxt Firmware

Configuration 1 [-]

AND

cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:rockwellautomation:1756-en4trk_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:1756-en4trk:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:rockwellautomation:1756-en4trxt_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:1756-en4trxt:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010

History

No history.

MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2023-07-12T12:51:19.498Z

Updated: 2024-08-02T07:01:56.685Z

Reserved: 2023-07-10T15:34:53.790Z

Link: CVE-2023-3596

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-12T13:15:09.947

Modified: 2023-07-20T19:51:44.103

Link: CVE-2023-3596

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3596", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2023-07-10T15:34:53.790Z", "datePublished": "2023-07-12T12:51:19.498Z", "dateUpdated": "2024-08-02T07:01:56.685Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "1756-EN4TR Series A", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<=5.001"}]}, {"defaultStatus": "unaffected", "product": "1756-EN4TRK Series A", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<=5.001"}]}, {"defaultStatus": "unaffected", "product": "1756-EN4TRXT Series A\t", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<=5.001"}]}], "datePublic": "2023-07-12T12:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.</span>\n\n"}], "value": "\nWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\n\n"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2023-07-12T13:16:21.672Z"}, "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<ul><li><strong>Update firmware. </strong>Update EN4* ControlLogix communications modules to firmware revision 5.002. </li><li><strong>Properly segment networks.</strong> Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks. </li><li><strong>Implement detection signatures.</strong> Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices. </li></ul>\n\n<br>"}], "value": "\n * Update firmware. Update EN4* ControlLogix communications modules to firmware revision 5.002.\u00a0\n * Properly segment networks.\u00a0Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks. \n * Implement detection signatures.\u00a0Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices. \n\n\n\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Rockwell Automation Allen-Bradley ControlLogix Communication Modules vulnerable to Denial of Service ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:01:56.685Z"}, "title": "CVE Program Container", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB4EB5E2-9FB4-419E-B23A-458436E61121", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*", "matchCriteriaId": "898EE953-E0EF-4B52-8EA0-41AAD8B5CCF3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:1756-en4trk_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEF09D94-1AE1-4449-8ECA-0A5B1F5019C9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:1756-en4trk:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BE4EFEA-79D9-4903-8272-49756A014BD4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:1756-en4trxt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "12EE978F-DECE-4572-93AE-026D3EDC5878", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:1756-en4trxt:-:*:*:*:*:*:*:*", "matchCriteriaId": "E45471FA-99BF-4F57-BFC8-224BB9576670", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\n\n"}], "id": "CVE-2023-3596", "lastModified": "2023-07-20T19:51:44.103", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2023-07-12T13:15:09.947", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}