CVE-2023-1834
CRITICALRockwell Automation Kinetix 5500 - Info Disclosure
Title source: llmDescription
Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports.
References (2)
Core 2
Core References
Permissions Required
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139441
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-09
Scores
CVSS v3
9.4
EPSS
0.0063
EPSS Percentile
70.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (1)
rockwellautomation/kinetix_5500_firmware
7.13
Published
May 11, 2023
Tracked Since
Feb 18, 2026