CVE-2023-2262

Summary

A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device.

Affected Software

VendorProductVersion RangeStatus
Rockwell Automation1756-EN2T Series A, B, C<=5.008 & 5.028affected
Rockwell Automation1756-EN2T Series D<=11.002affected
Rockwell Automation1756-EN2TK Series A, B, C<=5.008 & 5.028affected
Rockwell Automation1756-EN2TXT Series A, B, C<=5.008 & 5.028affected
Rockwell Automation1756-EN2TXT Series D<=11.002affected
Rockwell Automation1756-EN2TP Series A<=11.002affected
Rockwell Automation1756-EN2TPK Series A<=11.002affected
Rockwell Auotmation1756-EN2TPXT Series A<=11.002affected
Rockwell Automation1756-EN2TR Series A, B<=5.008 & 5.028affected
Rockwell Automation1756-EN2TR Series C<=11.002affected
Rockwell Automation1756-EN2TRK Series A, B<=5.008 & 5.028affected
Rockwell Automation1756-EN2TRK Series C<=11.002affected
Rockwell Automation1756-EN2TRXT Series A, B<=5.008 & 5.028affected
Rockwell Automation1756-EN2TRXT Series C<=11.002affected
Rockwell Automation1756-EN2F Series A, B<=5.008 & 5.028affected
Rockwell Automation1756-EN2F Series C<=11.002affected
Rockwell Automation1756-EN2FK Series A, B<=5.008 & 5.028affected
Rockwell Automation1756-EN2FK Series C<=11.002affected
Rockwell Automation1756-EN3TR Series A<=5.008 & 5.028affected
Rockwell Automation1756-EN3TR Series B<=11.003affected
Rockwell Automation1756-EN3TRK Series A<=5.008 & 5.028affected
Rockwell Automation1756-EN3TRK Series B<=11.002affected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References