Cyber Resilience

CVE-2023-3595

Critical

Published: 12 July 2023

Modified: 21 November 2024
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.3881 (97.4th percentile)
Risk Priority: 43 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-3595 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Rockwell Automation 1756-EN2F Series A firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 2.6% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability is an out-of-bounds write (CWE-787) affecting Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products. It enables remote code execution with persistence when the device processes maliciously crafted CIP messages. The CVSS 3.1 base score of 9.8 reflects a network-reachable attack of low complexity that requires no privileges and no user interaction.

An unauthenticated remote attacker can send specially formed CIP messages to achieve persistent code execution on the affected modules. Successful exploitation grants the ability to modify, deny, or exfiltrate data traversing the device.

Rockwell Automation has published mitigation guidance in its security advisory at https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010.

The EPSS score has remained near its peak value of 0.3940 with a current value of 0.3881, indicating sustained but not sharply increasing exploitation interest since disclosure.

Vulnerability details

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.

CWE(s)

CWE-787: Out-of-bounds Write

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Versions
rockwellautomation · 1756-en2f series a firmware · all versions
rockwellautomation · 1756-en2f series b firmware · all versions
rockwellautomation · 1756-en2f series c firmware · all versions
rockwellautomation · 1756-en2t series a firmware · all versions
rockwellautomation · 1756-en2t series b firmware · all versions
rockwellautomation · 1756-en2t series c firmware · all versions
rockwellautomation · 1756-en2t series d firmware · all versions
rockwellautomation · 1756-en2tr series a firmware · all versions
rockwellautomation · 1756-en2tr series b firmware · all versions
rockwellautomation · 1756-en2tr series c firmware · all versions
+2 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.
