CVE-2023-3595
CRITICAL EXPLOITEDRockwell Automation ControlLogix 1756-EN2/EN3 - CIP Message Code Execution
Title source: manualExploitation Summary
CVE-2023-3595 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
References (1)
Core 1
Core References
Permissions Required, Vendor Advisory
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010
Scores
CVSS v3
9.8
EPSS
0.3940
EPSS Percentile
97.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2024-02-20
CWE
CWE-787
Status
published
Products (12)
rockwellautomation/1756-en2f_series_a_firmware
rockwellautomation/1756-en2f_series_b_firmware
rockwellautomation/1756-en2f_series_c_firmware
rockwellautomation/1756-en2t_series_a_firmware
rockwellautomation/1756-en2t_series_b_firmware
rockwellautomation/1756-en2t_series_c_firmware
rockwellautomation/1756-en2t_series_d_firmware
rockwellautomation/1756-en2tr_series_a_firmware
rockwellautomation/1756-en2tr_series_b_firmware
rockwellautomation/1756-en2tr_series_c_firmware
... and 2 more
Published
Jul 12, 2023
Tracked Since
Feb 18, 2026