CVE-2023-2262
published 2023-09-20


Priority P260 · critical · 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.98% (57.7th percentile)
A buffer overflow vulnerability exists in select Rockwell Automation 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to the device.

Affected

47 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_auotmation | 1756-en2tpxt_series_a | | |
| rockwell_automation | 1756-en2f_series_c | | |
| rockwell_automation | 1756-en2fk_series_c | | |
| rockwell_automation | 1756-en2t_series_d | | |
| rockwell_automation | 1756-en2tp_series_a | | |
| rockwell_automation | 1756-en2tpk_series_a | | |
| rockwell_automation | 1756-en2tr_series_c | | |
| rockwell_automation | 1756-en2trk_series_c | | |
| rockwell_automation | 1756-en2trxt_series_c | | |
| rockwell_automation | 1756-en2txt_series_d | | |
| rockwell_automation | 1756-en3tr_series_a | | |
| rockwell_automation | 1756-en3tr_series_b | | |
| rockwell_automation | 1756-en3trk_series_a | | |
| rockwell_automation | 1756-en3trk_series_b | | |
| rockwellautomation | 1756-en2f_series_a_firmware | 5.008 – 5.028 | |
| rockwellautomation | 1756-en2f_series_b_firmware | 5.008 – 5.028 | |
| rockwellautomation | 1756-en2f_series_c_firmware | <= 11.002 | |
| rockwellautomation | 1756-en2fk_series_a_firmware | 5.008 – 5.028 | |
| rockwellautomation | 1756-en2fk_series_b_firmware | 5.008 – 5.028 | |
| rockwellautomation | 1756-en2fk_series_c_firmware | <= 11.002 | |
| rockwellautomation | 1756-en2t_series_a_firmware | 5.008 – 5.028 | |
| rockwellautomation | 1756-en2t_series_b_firmware | 5.008 – 5.028 | |
| rockwellautomation | 1756-en2t_series_c_firmware | 5.008 – 5.028 | |
| rockwellautomation | 1756-en2t_series_d_firmware | <= 11.002 | |
| rockwellautomation | 1756-en2tk_series_a_firmware | 5.008 – 5.028 | |

Detection & IOCs (extracted from sources)

  • Exploit vector is a maliciously crafted CIP (Common Industrial Protocol) request sent to affected 1756-EN* devices; monitor for anomalous or malformed CIP traffic targeting these devices
  • Restrict and monitor SMTP port 25 traffic to/from affected Rockwell 1756-EN2/EN3 devices as an attack surface indicator
  • Vulnerability is exploitable remotely with no authentication and low attack complexity (CVSS 9.8); no public exploit has been reported to CISA at time of advisory publication
  • The email object attack surface (SMTP/port 25) applies only to EN2/EN3 firmware versions 10.x and higher; disabling the email object is a recommended mitigation if not needed