Severity:
Critical
Advisory ID:
PN1624
Fecha de publicación:
May 11, 2023
Última actualización:
October 16, 2024
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
Sí
Workaround:
No
CVE IDs
CVE-2023-1834
Descargas
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
Resumen
Open Ports Vulnerability in Kinetix 5500 EtherNet/IP Servo Drive
Revision History
Revision Number
1.0
Revision History
Version 1.0 - May 11, 2023
Affected Products
Affected Product | First Known in Firmware Revision | Corrected in Firmware Revision |
Kinetix 5500 manufactured between May 2022 and January 2023 *The manufacturing date of the drive is stated on the product label. |
v7.13 | Customers should upgrade to versions v7.14 or later to close the ports, which mitigates this issue. |
Vulnerability Details
Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.
CVE-2023-1834 IMPACT
Rockwell Automation was made aware that Kinetix® 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default.
Known Exploited Vulnerability (KEV) database:
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment specific prioritization.
CVE-2023-1834 IMPACT
Rockwell Automation was made aware that Kinetix® 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default.
CVSS Base Score: 9.4/10
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CWE: CWE 284 Improper Access Control
Known Exploited Vulnerability (KEV) database:
No
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment specific prioritization.
Risk Mitigation & User Action
Customers using the affected drives are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customer to implement our suggested security best practices to minimize risk of the vulnerability.
- Upgrade to v7.14
- QA43240 - Recommended Security Guidelines from Rockwell Automation
Additional Resources
Copyright ©2022 Rockwell Automation, Inc.