CVE-2023-48691
Published 2023-12-05
Priority P266 · critical · CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 3.13% (86.3th percentile)
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NetX Duo that could lead to remote code execution. The affected components include the process related to the IGMP protocol in RTOS v6.2.1 and below. The fix has been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| azure-rtos | netxduo | < 6.3.0 | 6.3.0 |
| microsoft | azure_rtos_netx_duo | < 6.3.0 | 6.3.0 |
Detection & IOCs
- CVE-2023-48691 targets the IGMP protocol processing component in Azure RTOS NetX Duo v6.2.1 and below; monitor for anomalous or malformed IGMP packets sent to embedded/IoT devices running NetX Duo.
- The vulnerability enables an out-of-bounds write exploitable remotely with no authentication and no user interaction (CVSS AV:N/AC:L/PR:N/UI:N); prioritize detection of unexpected IGMP traffic directed at Rockwell Automation Micro800 PLCs and other NetX Duo-based devices.
- Affected Rockwell Automation Micro800 product lines (Micro820 LC20, Micro850 LC50, Micro870 LC70, Micro850 L50E, Micro870 L70E) running firmware below the fixed versions should be treated as unpatched and monitored for exploitation attempts over the network.
- No public exploit code or active exploitation has been reported; the vulnerability is in the IGMP processing stack of NetX Duo v6.2.1 and below, so detection relies on network-layer anomaly monitoring rather than host-based IOCs.
- There are no known workarounds; the only remediation is upgrading to NetX Duo 6.3.0 or the respective fixed Micro800 firmware versions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.