CVE-2023-0027
MEDIUMRockwell Automation Modbus TCP Server AOI <2.04.00 - Info Disclosure
Title source: llmDescription
Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected device’s Modbus TCP Server AOI information.
References (1)
Core 1
Core References
Permissions Required, Vendor Advisory
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138766
Scores
CVSS v3
5.3
EPSS
0.0006
EPSS Percentile
19.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
rockwellautomation/modbus_tcp_server_add_on_instructions
2.00.00 - 2.04.00
Published
Mar 17, 2023
Tracked Since
Feb 18, 2026