CVE-2023-3595
Published: 12 July 2023
Summary
CVE-2023-3595 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Rockwell Automation 1756-EN2F Series A firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 2.6% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability is an out-of-bounds write (CWE-787) affecting Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products. It enables remote code execution with persistence when the device processes maliciously crafted CIP messages; the CVSS 3.1 base score of 9.8 reflects an attack that is reachable over the network and requires no authentication.
An unauthenticated remote attacker can send specially crafted CIP messages to achieve persistent code execution on the affected modules. Successful exploitation grants the ability to modify, deny, or exfiltrate data traversing the device.
Rockwell Automation has published mitigation guidance in its security advisory at https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010.
The EPSS score has remained near its peak value of 0.3940, with a current value of 0.3881, indicating sustained but not sharply increasing exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-44245
Vulnerability details
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are blunted where the device's memory protections mark writable memory as non-executable; whether the affected firmware enforces such protections is not stated in the advisory, so this control should be verified rather than assumed.