Revision History
Revision Number
1.0
Revision History
Version 1.0 – September 19, 2023
Executive Summary
The security of our products is important to us as your chosen industrial automation supplier. This anomaly was found internally during routine testing and is being reported based on our commitment to customer transparency and to improving their business or production environments. This vulnerability is not related to PN1633 - Remote Code Execution and Denial-of-Service Vulnerabilities in Select Communication Modules .
Affected Products
| Affected Catalog | Series | Affected Firmware Version | Corrected in Firmware Version |
| 1756-EN2T 1756-EN2TK 1756-EN2TXT |
A, B, C | <=5.008 and 5.028 | Update to 5.009 and 5.029 or later |
| D | <=11.002 | Update to >=11.003 or later | |
| 1756-EN2TP 1756-EN2TPK 1756-EN2TPXT |
A | <=11.002 | Update to >=11.003 or later |
| 1756-EN2TR 1756-EN2TRK 1756-EN2TRXT |
A, B | <=5.008 and 5.028 | Update to 5.009 and 5.029 or later |
| C | <=11.002 | Update to >=11.003 or later | |
| 1756-EN2F 1756-EN2FK |
A, B | <=5.008 and 5.028 | Update to 5.009 and 5.029 or later |
| C | <=11.002 | Update to >=11.003 or later | |
| 1756-EN3TR 1756-EN3TRK |
A | <=5.008 and 5.028 | Update to 5.009 and 5.029 or later |
| B | <=11.002 | Update to >=11.003 or later |
Vulnerability Details
Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.
CVE-2023-2262 IMPACT
A buffer overflow vulnerability exists in select communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device.
CVSS Base Score: 9.8/10
CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-121: Stack-based Buffer Overflow
Known Exploited Vulnerability (KEV) database: No
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
Risk Mitigation & User Action
Customers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.
- Restrict traffic to the SMTP port (25), if not needed.
- Customers using the EN2/EN3 versions 10.x and higher can disable the email object, if not needed. Instructions can be found in the EtherNet/IP Network Devices User Manual (rockwellautomation.com), publication ENET-UM006.
- QA43240 - Recommended Security Guidelines from Rockwell Automation
