Rockwell Automation issued an advisory in conjunction with the US government regarding an exploit capability in its ControlLogix EtherNet/IP communication modules. Tracked as CVE-2023-3595, the flaw allows attackers to achieve remote code execution with persistence in the 1756 EN2 and 1756 EN3 products.

Threat actors might take advantage of this flaw through the use of specially prepared Common Industrial Protocol (CIP) messages to alter, impede, or exfiltrate data as it flows through a device. CVE-2023-3596 is a high-severity denial-of-service bug that affects the 1756-EN4 product. Rockwell Automation provided firmware updates for all impacted products as well as potential indicators of compromise. The US Cybersecurity and Infrastructure Agency (CISA) assisted Rockwell in investigating and reporting the vulnerabilities.

Read More: