
US CISA warns of Rockwell Automation ControlLogix flaws


The U.S. CISA warns of two flaws impacting Rockwell Automation ControlLogix that can lead to remote code execution and DoS attacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of two vulnerabilities affecting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and trigger a denial-of-service condition.

The first vulnerability, tracked as CVE-2023-3595 (CVSS score: 9.8), is an out-of-bounds write flaw that impacts 1756 EN2* and 1756 EN3* products. An attacker can trigger the vulnerability to achieve arbitrary code execution with persistence on the target system by sending maliciously crafted Common Industrial Protocol (CIP) messages to the vulnerable devices.

The second vulnerability, tracked as CVE-2023-3596 (CVSS score: 7.5), is an out-of-bounds write flaw impacting 1756 EN4* products. An attacker can trigger the flaw by sending maliciously crafted CIP messages to the vulnerable devices, causing a DoS condition.

“CISA released one Critical Industrial Control Systems (ICS) advisory on July 12, 2023.” reads the advisory published by CISA. “This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.”

“Successful exploitation of these vulnerabilities could allow malicious actors to gain remote access of the running memory of the module and perform malicious activity.” continues the ICS advisory.

Impacted devices are 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, 1756-EN4TRXT.

CISA recommends installing the firmware updates released by Rockwell Automation; it also suggests properly segmenting networks and implementing detection signatures.

In coordination with the U.S. government, Rockwell Automation has analyzed exploits developed by APT groups that target specific Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models. The attackers developed exploits for the above issues, researchers from ICS cybersecurity firm Dragos reported.

“The results and impact of exploiting these vulnerabilities vary depending on the ControlLogix system configuration, but they could lead to denial or loss of control, denial or loss of view, theft of operational data, or manipulation of control for disruptive or destructive consequences on the industrial process for which the ControlLogix system is responsible.” reads the advisory published by Dragos. “Dragos advises all ICS/OT asset owners to identify assets with impacted communications modules and update their Rockwell Automation ControlLogix firmware to the latest version as soon as possible.”
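To act on the advice above (identify assets carrying impacted communication modules and prioritise their firmware updates), here is an added Python example that is not part of the article or of any CISA, Rockwell Automation or Dragos tooling. It runs over a constructed inventory CSV, maps each catalog number from the impacted list above to the CVE that applies to its product family, and orders the hits by CVSS score; the column names and the stripping of a trailing `/<series>` suffix are assumptions.

```python
import csv
import io
import re

# Impacted catalog numbers as listed in the advisory, grouped by the CVE that
# applies to each product family (EN2*/EN3* -> RCE, EN4* -> DoS).
IMPACTED = {
    "CVE-2023-3595": {  # out-of-bounds write, remote code execution (CVSS 9.8)
        "1756-EN2T", "1756-EN2TK", "1756-EN2TXT", "1756-EN2TP", "1756-EN2TPK",
        "1756-EN2TPXT", "1756-EN2TR", "1756-EN2TRK", "1756-EN2TRXT",
        "1756-EN2F", "1756-EN2FK", "1756-EN3TR", "1756-EN3TRK",
    },
    "CVE-2023-3596": {  # out-of-bounds write, denial of service (CVSS 7.5)
        "1756-EN4TR", "1756-EN4TRK", "1756-EN4TRXT",
    },
}
SEVERITY = {"CVE-2023-3595": 9.8, "CVE-2023-3596": 7.5}

# Constructed sample inventory (not real data); column names are assumed.
SAMPLE_INVENTORY = """\
asset_id,catalog_number,series,ip
plc-01,1756-EN2TR,B,10.10.1.5
plc-02,1756-en2t/c,C,10.10.1.6
plc-03,1756-EN4TR,A,10.10.2.7
plc-04,1756-L83E,B,10.10.2.8
plc-05,1756-ENBT,A,10.10.3.9
"""

def normalize_catalog(raw: str) -> str:
    """Uppercase and drop an assumed trailing '/<series>' suffix ('1756-EN2T/C')."""
    return re.sub(r"/[A-Z0-9]+$", "", raw.strip().upper())

def classify(catalog: str):
    """Return the CVE ID that applies to this catalog number, or None if not impacted."""
    cat = normalize_catalog(catalog)
    for cve, models in IMPACTED.items():
        if cat in models:
            return cve
    return None

def triage(inventory_csv: str):
    """Parse the inventory CSV and return impacted assets, highest CVSS first."""
    hits = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        cve = classify(row["catalog_number"])
        if cve:
            hits.append({"asset_id": row["asset_id"], "cve": cve, "cvss": SEVERITY[cve],
                         "catalog": normalize_catalog(row["catalog_number"])})
    return sorted(hits, key=lambda h: -h["cvss"])

if __name__ == "__main__":
    for h in triage(SAMPLE_INVENTORY):
        print(f"{h['asset_id']:8} {h['catalog']:14} {h['cve']} (CVSS {h['cvss']})")
```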

The researchers pointed out that the exploitation of the flaw CVE-2023-3595 is similar to the exploitation of the zero-day issue employed by XENOTIME in the TRISIS attack.


Pierluigi Paganini
