CVE-2023-2262 CRITICAL

CVE-2023-2262: Rockwell Automation Select Logix Communication Modules Vulnerable to Email Object Buffer Overflow

Vendor: Rockwell Automation
Product: 1756-EN2T Series A, B, C
Weakness: CWE-121
Published: September 20, 2023
Last update: September 25, 2024

CVSS base score

9.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A buffer overflow vulnerability exists in select Rockwell Automation 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to the device.

Key dates

02 Disclosure timeline

September 20, 2023: CVE published
September 25, 2024: Record updated

Related vulnerabilities

04 Related CVE