CVE-2023-3595
Published 2023-07-12
Priority: P1 (83) · Severity: Critical 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
In the wild: VulnCheck KEV · Exploited in the wild
EPSS: 3.64% (88.2nd percentile)
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | 1756-en2tpxt_series_a | — | — |
| rockwell_automation | 1756-en2f_series_c | — | — |
| rockwell_automation | 1756-en2fk_series_c | — | — |
| rockwell_automation | 1756-en2t_series_d | — | — |
| rockwell_automation | 1756-en2tp_series_a | — | — |
| rockwell_automation | 1756-en2tpk_series_a | — | — |
| rockwell_automation | 1756-en2tr_series_c | — | — |
| rockwell_automation | 1756-en2trk_series_c | — | — |
| rockwell_automation | 1756-en2trxt_series_c | — | — |
| rockwell_automation | 1756-en2txt_series_d | — | — |
| rockwell_automation | 1756-en3tr_series_a | — | — |
| rockwell_automation | 1756-en3tr_series_b | — | — |
| rockwell_automation | 1756-en3trk_series_a | — | — |
| rockwell_automation | 1756-en3trk_series_b | — | — |
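The table above identifies affected modules by catalog number and series, which an ordinary IT port scan does not reveal. The block below is an added example (not Rockwell's, Tenable's or any vendor's tooling) of the CIP-aware probe a practitioner would use to triage modules in the field: it builds an EtherNet/IP ListIdentity request, decodes the identity item from the reply, and matches the reported product name against the 1756-EN2*/1756-EN3* families. Assumptions are marked in the code: that ENxT modules report their catalog number and series in the product-name string in the "1756-EN2T/D" form, and that the product code, serial and revision in the constructed sample reply are illustrative, not real device values. A prefix match is only a first pass; the exact series and firmware revision still have to be checked against the vendor advisory.

```python
import socket
import struct
from dataclasses import dataclass

ENIP_PORT = 44818
LIST_IDENTITY = 0x0063
CPF_LIST_IDENTITY_REPLY = 0x000C
ROCKWELL_VENDOR_ID = 0x0001          # ODVA vendor ID 1: Rockwell Automation / Allen-Bradley
DEVICE_TYPE_COMM_ADAPTER = 0x000C    # CIP device profile "Communications Adapter"

# Catalog prefixes from the affected table above. Assumption: the module reports
# its catalog number and series in the product-name string ("1756-EN2T/D" style).
AFFECTED_PREFIXES = ("1756-EN2", "1756-EN3")


@dataclass
class Identity:
    vendor_id: int
    device_type: int
    product_code: int
    revision: str
    serial: int
    product_name: str
    ip: str


def build_list_identity() -> bytes:
    """ListIdentity needs only the 24-byte encapsulation header: no session, no body."""
    return struct.pack("<HHII8sI", LIST_IDENTITY, 0, 0, 0, b"\x00" * 8, 0)


def parse_list_identity(reply: bytes) -> Identity:
    """Walk the Common Packet Format items in a ListIdentity reply and decode the identity item."""
    command, length = struct.unpack_from("<HH", reply, 0)
    if command != LIST_IDENTITY or length != len(reply) - 24:
        raise ValueError("not a well-formed ListIdentity reply")
    (item_count,) = struct.unpack_from("<H", reply, 24)
    off = 26
    for _ in range(item_count):
        type_id, item_len = struct.unpack_from("<HH", reply, off)
        off += 4
        if type_id == CPF_LIST_IDENTITY_REPLY:
            return _decode_identity_item(reply[off:off + item_len])
        off += item_len
    raise ValueError("reply carries no identity item")


def _decode_identity_item(d: bytes) -> Identity:
    # protocol version (2, LE) | sockaddr_in (16, big-endian) | vendor (2) | device type (2)
    # | product code (2) | revision major (1) minor (1) | status (2) | serial (4)
    # | product name (1-byte length + ASCII) | state (1)
    _family, _port, sin_addr = struct.unpack_from(">HH4s", d, 2)
    vendor, dtype, code, major, minor, _status, serial = struct.unpack_from("<HHHBBHI", d, 18)
    name_len = d[32]
    name = d[33:33 + name_len].decode("ascii", errors="replace")
    return Identity(vendor, dtype, code, f"{major}.{minor:03d}", serial, name,
                    socket.inet_ntoa(sin_addr))


def is_in_affected_family(ident: Identity) -> bool:
    """True when the device is a Rockwell communications adapter whose catalog number
    falls in the 1756-EN2*/1756-EN3* families named by this CVE (first-pass triage only)."""
    return (ident.vendor_id == ROCKWELL_VENDOR_ID
            and ident.device_type == DEVICE_TYPE_COMM_ADAPTER
            and ident.product_name.startswith(AFFECTED_PREFIXES))


def probe(ip: str, timeout: float = 1.0) -> Identity:
    """Live UDP/44818 probe of one host (not exercised offline; uses the same decoder)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_list_identity(), (ip, ENIP_PORT))
        data, _ = s.recvfrom(4096)
    return parse_list_identity(data)


def make_sample_reply(name: bytes, device_type=DEVICE_TYPE_COMM_ADAPTER,
                      ip=(192, 168, 1, 10), product_code=0x00A6, rev=(10, 7)) -> bytes:
    """Constructed ListIdentity reply for offline use; product code, serial and revision are illustrative."""
    item = struct.pack("<H", 2)                                      # encapsulation protocol version
    item += struct.pack(">HH4s8s", 2, ENIP_PORT, bytes(ip), b"\x00" * 8)
    item += struct.pack("<HHHBBHI", ROCKWELL_VENDOR_ID, device_type, product_code,
                        rev[0], rev[1], 0x0030, 0x00C0FFEE)
    item += bytes([len(name)]) + name + b"\x03"                      # state 3 = operational
    cpf = struct.pack("<HHH", 1, CPF_LIST_IDENTITY_REPLY, len(item)) + item
    header = struct.pack("<HHII8sI", LIST_IDENTITY, len(cpf), 0, 0, b"\x00" * 8, 0)
    return header + cpf


if __name__ == "__main__":
    for sample in (b"1756-EN2T/D", b"1756-EN3TR/B", b"1756-EN4TR/A"):
        ident = parse_list_identity(make_sample_reply(sample))
        print(ident.ip, ident.product_name, ident.revision,
              "AFFECTED FAMILY" if is_in_affected_family(ident) else "not in scope")
```

In a live sweep, `probe()` is called per host (or the request is broadcast on the segment); the decoder and the family check are the same ones exercised on the constructed replies, so the logic can be validated before it touches production equipment.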
Detection & IOCs (extracted from sources)
Snort
Snort signatures for anomalous CIP packets to Rockwell Automation devices (see Rockwell Automation Security Advisory)
- Detect exploitation attempts by monitoring for maliciously crafted CIP messages targeting Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication modules; exploitation enables RCE with persistence including data modification, denial, and exfiltration.
- Use the 'ENIP CIP Unusual Lengths' detection to identify possible exploitation of CVE-2023-3595 and CVE-2023-3596 against Rockwell Automation ControlLogix controllers via anomalous EtherNet/IP CIP packet lengths.
- Passive monitoring of ICS network traffic (e.g., at DMZ, core switches, entry/egress points) can identify active exploitation of CVE-2023-3595 via anomalous CIP protocol behavior.
- Attribution context: these vulnerabilities were disclosed in coordination with the U.S. government citing a novel exploit capability attributed to APT actors known for cyberactivity involving industrial systems, with possible intent to target critical infrastructure worldwide.
- Once a module is updated to signed firmware, it cannot be reverted to unsigned firmware versions; plan upgrades accordingly.
- Traditional IT vulnerability scanners will not discover nested/indirectly connected ControlLogix assets; CIP-aware active scanning is required for full asset visibility in ICS environments.
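The 'ENIP CIP Unusual Lengths' idea above rests on a simple observation: a crafted CIP message that reaches an out-of-bounds write usually has length fields that disagree with each other or with the bytes actually on the wire. The block below is an added example, not the Snort rule referenced above nor any vendor's detection, of how a passive monitor would apply that check to one EtherNet/IP PDU: it parses the 24-byte encapsulation header, walks the Common Packet Format items inside SendRRData/SendUnitData, and raises an alert when the encapsulation length does not match the payload, when an item claims more bytes than remain, or when a CIP data item exceeds a site-specific ceiling. Assumptions: the 504-byte ceiling is a placeholder to be replaced by a value from a baseline capture, the sample PDUs are constructed here (the benign one carries a standard Get_Attribute_All on the Identity object; the oversized one is filler bytes, not an exploit), and no claim is made about the exact payload the real exploit used.

```python
import struct
from dataclasses import dataclass, field
from typing import List

ENIP_HEADER_LEN = 24
SEND_RR_DATA = 0x006F            # unconnected messaging (UCMM)
SEND_UNIT_DATA = 0x0070          # connected messaging
CPF_NULL_ADDRESS = 0x0000
CPF_CONNECTED_DATA = 0x00B1
CPF_UNCONNECTED_DATA = 0x00B2

# Site-tunable ceiling (assumption, not from the advisory): routine unconnected
# CIP requests to an ENxT module are a few dozen bytes; derive the real value
# from a baseline capture before alerting on it.
MAX_EXPECTED_CIP_ITEM_LEN = 504

# Standard CIP Get_Attribute_All (0x01) to the Identity object, class 1 instance 1.
IDENTITY_GET_ATTR_ALL = bytes([0x01, 0x02, 0x20, 0x01, 0x24, 0x01])


@dataclass
class EnipFindings:
    command: int
    declared_len: int
    actual_len: int
    item_lens: List[int] = field(default_factory=list)
    alerts: List[str] = field(default_factory=list)


def inspect_enip(pdu: bytes) -> EnipFindings:
    """Parse one EtherNet/IP encapsulation PDU and record every length inconsistency."""
    if len(pdu) < ENIP_HEADER_LEN:
        f = EnipFindings(-1, -1, len(pdu))
        f.alerts.append("truncated encapsulation header")
        return f
    command, declared_len = struct.unpack_from("<HH", pdu, 0)
    body = pdu[ENIP_HEADER_LEN:]
    f = EnipFindings(command, declared_len, len(body))
    if declared_len != len(body):
        f.alerts.append(f"encapsulation length {declared_len} != payload {len(body)}")
    if command not in (SEND_RR_DATA, SEND_UNIT_DATA):
        return f                      # only CIP-carrying commands are inspected here
    if len(body) < 8:                 # interface handle (4) + timeout (2) + item count (2)
        f.alerts.append("body too short for Common Packet Format")
        return f
    (item_count,) = struct.unpack_from("<H", body, 6)
    off = 8
    for _ in range(item_count):
        if off + 4 > len(body):
            f.alerts.append("CPF item header overruns packet")
            return f
        type_id, item_len = struct.unpack_from("<HH", body, off)
        off += 4
        if off + item_len > len(body):
            f.alerts.append(f"CPF item 0x{type_id:04X} claims {item_len} bytes, "
                            f"{len(body) - off} available")
            return f
        f.item_lens.append(item_len)
        if type_id in (CPF_CONNECTED_DATA, CPF_UNCONNECTED_DATA) and item_len > MAX_EXPECTED_CIP_ITEM_LEN:
            f.alerts.append(f"CIP data item 0x{type_id:04X} unusually large: {item_len} bytes")
        off += item_len
    if off != len(body):
        f.alerts.append(f"{len(body) - off} trailing bytes after CPF items")
    return f


def build_send_rr_data(cip_request: bytes, declared_len=None, item_len=None) -> bytes:
    """Construct a SendRRData PDU carrying one unconnected CIP request (test data built here;
    the two overrides let a caller forge inconsistent length fields)."""
    item_len = len(cip_request) if item_len is None else item_len
    cpf = struct.pack("<H", 2)                                   # two CPF items follow
    cpf += struct.pack("<HH", CPF_NULL_ADDRESS, 0)               # null address item
    cpf += struct.pack("<HH", CPF_UNCONNECTED_DATA, item_len) + cip_request
    body = struct.pack("<IH", 0, 0) + cpf                        # interface handle 0 (CIP), timeout 0
    declared_len = len(body) if declared_len is None else declared_len
    header = struct.pack("<HHII8sI", SEND_RR_DATA, declared_len, 0x11223344, 0, b"\x00" * 8, 0)
    return header + body


if __name__ == "__main__":
    samples = {
        "benign identity read": build_send_rr_data(IDENTITY_GET_ATTR_ALL),
        "lying encapsulation length": build_send_rr_data(IDENTITY_GET_ATTR_ALL, declared_len=0x0400),
        "CPF item overruns packet": build_send_rr_data(IDENTITY_GET_ATTR_ALL, item_len=0x0400),
        "oversized CIP request (filler)": build_send_rr_data(b"\x4c" + b"\x41" * 600),
    }
    for label, pdu in samples.items():
        print(f"{label}: {inspect_enip(pdu).alerts or 'ok'}")
```

The structural checks (header versus payload, item versus remaining bytes) are protocol facts and can alert immediately; the size ceiling is a heuristic and belongs in a tuning period first, since large connected-data items are normal for some I/O and tag-read traffic.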
CVSS provenance
NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 9.8 CRITICAL
CISA ICS
Rockwell Automation Select Communication Modules
cisa_ics·2023-07-12
ICS Advisory ICSA-23-193-01, released July 12, 2023
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, 1756-EN4TRXT
- Vulnerabilities: Out-of-bounds Write
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow malicious actors to gain remote access to the running memory of the module and perform malicious activity.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Rockwell Automation
GHSA
GHSA-qvv4-3g8f-rgjx · ghsa_unreviewed · 2023-07-12
CVE-2023-3595 [CRITICAL] CWE-787 (Out-of-bounds Write)
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
VulnCheck
rockwellautomation 1756-en2f_series_a_firmware Out-of-bounds Write
vulncheck·2023·CVSS 9.8 · CVE-2023-3595 [CRITICAL]
Affected: rockwellautomation 1756-en2f_series_a_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://hub.dragos.com/hubfs/312-Year-in-Review/2023/Dragos-2023-Year-in-Review-Full-Report.pdf
No detection rules found.
No public exploits indexed.
Dragos
Year in Review
blogs_dragos·2025-08-20
Tenable
Rockwell Automation: Disconnect OT Devices with Public-Facing Internet Access, Patch or Mitigate Logix, FactoryTalk CVEs
blogs_tenable·2024-06-05
Bleepingcomputer
Rockwell Automation warns admins to take ICS devices offline
blogs_bleepingcomputer·2024-05-21·CVSS 9.8
By Sergiu Gatlan
Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide.
Network defenders should never configure such devices to allow remote connections from systems outside the local network. By taking them offline, they can drastically reduce their organizations' attack surface.
This ensures that threat actors no longer have direct access to systems that may not yet be patched against security vulnerabilities, which would otherwise let attackers into their targets' internal networks.
"Due to heightened geopolitical tensions and adversarial cyber activity globally, Rockwell Automation is
Tenable
How to Tackle OT Challenges: Asset Inventory and Vulnerability Assessment
blogs_tenable·2023-12-11
Tenable
Cybersecurity Snapshot: CISA Calls on Software Makers To Use Memory Safe Languages, as OpenSSF Issues Secure Software Principles
blogs_tenable·2023-12-08
Tenable
Cybersecurity Snapshot: SANS Offers Tips for Maximizing Smaller OT Security Budgets
blogs_tenable·2023-10-06
Dragos
New Knowledge Pack Released (KP Plus 5.0)
blogs_dragos·2023-09-06
Tenable
What's New in Tenable OT Security 3.16: Elevating Building Management System Security and User Experience
blogs_tenable·2023-08-01
Tenable
Cybersecurity Snapshot: SEC Wants More Cybersecurity Transparency from Public Companies
blogs_tenable·2023-07-28
Tenable
Finding Rockwell Automation Allen-Bradley Communication Modules Affected by CVE-2023-3595 and CVE-2023-3596 in OT Environments
blogs_tenable·2023-07-12·CVSS 9.8
Dragos
Dragos Enabled Defense Against APT Exploits for Rockwell Automation ControlLogix
blogs_dragos·2023-07-12
Tenable
CVE-2023-3595, CVE-2023-3596: Rockwell Automation ControlLogix Vulnerabilities Disclosed
blogs_tenable·2023-07-12·CVSS 9.8