Vulnerabilities (CVE)

Filtered by vendor Rockwellautomation Subscribe
Filtered by product 1756-en2f Series A
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-2262 1 Rockwellautomation 66 1756-en2f Series A, 1756-en2f Series A Firmware, 1756-en2f Series B and 63 more 2024-02-28 N/A 9.8 CRITICAL
A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device.
CVE-2023-3595 1 Rockwellautomation 24 1756-en2f Series A, 1756-en2f Series A Firmware, 1756-en2f Series B and 21 more 2024-02-28 N/A 9.8 CRITICAL
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
CVE-2018-17924 1 Rockwellautomation 32 1756-en2f Series A, 1756-en2f Series A Firmware, 1756-en2f Series B and 29 more 2024-02-28 7.8 HIGH 8.6 HIGH
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address.