Severity:
High
Advisory ID:
PN1634
Fecha de publicación:
July 18, 2023
Última actualización:
July 18, 2023
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
CVE IDs
CVE-2023-2263
Resumen
Kinetix® 5700 DC Bus Power Supply Series A – CIP Message Attack Could Cause Denial-Of-Service
Revision History
Revision Number
1.0
Revision History
Version 1.0 – July 18, 2023
Affected Products
Affected Product | First Known in Firmware Revision | Corrected in Firmware Revision |
Kinetix® 5700 DC Bus Power Supply – Series A | V13.001 | V13.003 |
Vulnerability Details
Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities. The security of our products is important to us as your chosen industrial automation supplier. This anomaly was found internally during routine testing and is being reported based on our commitment to customer transparency and to improve their business or production environments.
CVE-2023-2263 IMPACT
The Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. The new ENIP connections cannot be established if impacted by this vulnerability, which prohibits operational capabilities of the device resulting in a denial-of-service attack.
Known Exploited Vulnerability (KEV) database:
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
CVE-2023-2263 IMPACT
The Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. The new ENIP connections cannot be established if impacted by this vulnerability, which prohibits operational capabilities of the device resulting in a denial-of-service attack.
CVSS Base Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400: Uncontrolled Resource Consumption
Known Exploited Vulnerability (KEV) database:
No
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
Risk Mitigation & User Action
Customers using the affected software are encouraged to apply the risk mitigations below, if possible.
- Upgrade to V13.003 or later which has been patched to mitigate these issues.
- For information on how to mitigate Security Risks on industrial automation control systems (IACS) networks see the following publications:
- Additionally, we encourage the customer to implement our QA43240 - Recommended Security Guidelines from Rockwell Automation to minimize risk of the vulnerability.
Additional Resources
Copyright ©2022 Rockwell Automation, Inc.