CVE-2023-48692
published 2023-12-05

Priority: P266
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.13% (86.3th percentile)

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp, tcp, snmp, dhcp, nat and ftp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
azure-rtos | netxduo | < 6.3.0 | 6.3.0
microsoft | azure_rtos_netx_duo | < 6.3.0 | 6.3.0

Detection & IOCs (extracted from sources)

  • CVE-2023-48692 involves memory overflow vulnerabilities in Azure RTOS NetX Duo affecting the following protocol processing components: icmp, tcp, snmp, dhcp, nat, and ftp. Monitor for anomalous or malformed packets targeting these protocol handlers on embedded/ICS devices running NetX Duo v6.2.1 and below.
  • Rockwell Automation Micro800 PLCs (Micro820 LC20, Micro850 LC50, Micro870 LC70, Micro850 L50E, Micro870 L70E) running affected firmware versions are vulnerable to remote code execution via CVE-2023-48692. Prioritize detection/monitoring of network traffic to these devices.
  • CVE-2023-48692 affects Azure RTOS NetX Duo v6.2.1 and below. The fix is included in NetX Duo release 6.3.0. Affected Rockwell Automation Micro800 firmware versions are: Micro820 LC20 prior to V14.011, Micro850/870 LC50/LC70 prior to V12.013, and Micro850/870 L50E/L70E versions V20.011 through V22.011.
  • No known public exploitation specifically targeting CVE-2023-48692 has been reported to CISA at this time.