Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_ROCKWELL_CP_RESILIENCY_BIS.NASL
HistoryJul 12, 2023 - 12:00 a.m.

Rockwell Automation Select Communication Modules Out-of-Bounds Write (CVE-2023-3596)

2023-07-1200:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
rockwell automation
1756-en4
out-of-bounds write
denial of service
cip messages
firmware update
tenable
cisa

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.5%

JSON

A vulnerability exists in the 1756-EN4* products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501228);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2023-3596");
  script_xref(name:"CEA-ID", value:"CEA-2023-0032");

  script_name(english:"Rockwell Automation Select Communication Modules Out-of-Bounds Write (CVE-2023-3596)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability exists in the 1756-EN4* products, it could allow a malicious
user to cause a denial of service by asserting the target system through
maliciously crafted CIP messages.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://compatibility.rockwellautomation.com/Pages/MultiProductSelector.aspx?crumb=111
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a39743bf");
  # https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3ba6a760");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-193-01");
  # https://www.rockwellautomation.com/en-us/support/advisory.PN1633.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?943d08b7");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Rockwell Automation has released the following versions to fix these vulnerabilities and can be addressed by performing
a standard firmware update. Customers are strongly encouraged to implement the risk mitigations provided below and to
the extent possible, to combine these with the security best practices to employ multiple strategies simultaneously.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-3596");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(787);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/07/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/12");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:1756-en4tr_series_a_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:1756-en4trk_series_a_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:1756-en4trxt_series_a_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Rockwell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Rockwell');

var asset = tenable_ot::assets::get(vendor:'Rockwell');

var vuln_cpes = {
    "cpe:/o:rockwellautomation:1756-en4tr_series_a_firmware:-" :
        {"versionEndExcluding" : "5.002", "family" : "ControlLogix"},
    "cpe:/o:rockwellautomation:1756-en4trk_series_a_firmware:-" :
        {"versionEndExcluding" : "5.002", "family" : "ControlLogix"},
    "cpe:/o:rockwellautomation:1756-en4trxt_series_a_firmware:-" :
        {"versionEndExcluding" : "5.002", "family" : "ControlLogix"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
rockwellautomation1756-en4tr_series_a_firmwarecpe:/o:rockwellautomation:1756-en4tr_series_a_firmware
rockwellautomation1756-en4trk_series_a_firmwarecpe:/o:rockwellautomation:1756-en4trk_series_a_firmware
rockwellautomation1756-en4trxt_series_a_firmwarecpe:/o:rockwellautomation:1756-en4trxt_series_a_firmware

Related

cve 1
nvd 1
prion 1
cvelist 1
ics 1
thn 1
nessus 1
cve
cve
CVE-2023-3596
2023-07-12 13:15:09
nvd
nvd
CVE-2023-3596
2023-07-12 13:15:09
prion
prion
Design/Logic Flaw
2023-07-12 13:15:00
cvelist
cvelist
CVE-2023-3596 Rockwell Automation Allen-Bradley ControlLogix Communication Modules vulnerable to Denial of Service
2023-07-12 12:51:19
ics
ics
Rockwell Automation Select Communication Modules
2023-07-12 12:00:00
thn
thn
Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks
2023-07-13 09:00:00
nessus
nessus
Rockwell Automation ControlLogix Communications Modules Multiple Vulnerabilities
2023-07-03 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.5%

JSON
Related for TENABLE_OT_ROCKWELL_CP_RESILIENCY_BIS.NASL
cve1nvd1prion1cvelist1ics1thn1nessus1