ICSA-23-193-01  ·  Published 2023-07-12

Rockwell Automation Select Communication Modules

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow malicious actors to gain remote access to the running memory of the module and perform malicious activity.

Remediations

  • Rockwell Automation has released the following firmware versions to fix these vulnerabilities, which can be addressed by performing a standard firmware update. Customers are strongly encouraged to implement the risk mitigations provided below and, to the extent possible, to combine these with security best practices so that multiple strategies are employed simultaneously.
  • 1756-EN2T Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2T Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2T Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2T Series D: Update to 11.004 or later
  • 1756-EN2TK Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2TK Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2TK Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2TK Series D: Update to 11.004 or later
  • 1756-EN2TXT Series A: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2TXT Series B: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2TXT Series C: Update to 5.029 or later signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2TXT Series D: Update to 11.004 or later
  • 1756-EN2TP Series A: Update to 11.004 or later
  • 1756-EN2TPK Series A: Update to 11.004 or later
  • 1756-EN2TPXT Series A: Update to 11.004 or later
  • 1756-EN2TR Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2TR Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2TR Series C: Update to 11.004 or later
  • 1756-EN2TRK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2TRK Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2TRK Series C: Update to 11.004 or later
  • 1756-EN2TRXT Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2TRXT Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2TRXT Series C: Update to 11.004 or later
  • 1756-EN2F Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2F Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2F Series C: Update to 11.004 or later
  • 1756-EN2FK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2FK Series B: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN2FK Series C: Update to 11.004 or later
  • 1756-EN3TR Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN3TR Series B: Update to 11.004 or later
  • 1756-EN3TRK Series A: Update to 5.029 or later for signed versions (**recommended). Update to 5.009 for unsigned versions
  • 1756-EN3TRK Series B: Update to 11.004 or later
  • 1756-EN4TR Series A: Update to 5.002 or later
  • 1756-EN4TRK Series A: Update to 5.002 or later
  • 1756-EN4TRXT Series A: Update to 5.002 or later
  • ** Rockwell Automation strongly recommends updating to signed firmware if possible. Once the module is updated to signed firmware (example 5.008 to 5.0029), it is not possible to revert to unsigned firmware versions.
  • Organizations should take the following actions to further secure ControlLogix communications modules from exploitation:
  • Update firmware. Update EN2* ControlLogix communications modules to firmware revision 11.004 and update EN4* ControlLogix communications modules to firmware revision 5.002.
  • Properly segment networks. Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks.
  • Implement detection signatures. Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices.
  • For more information and to see Rockwell's detection rules, see Rockwell Automation's Security Advisory.
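
The remediation list above can be applied to an asset inventory mechanically. The following is an added example, not code from CISA or Rockwell Automation: it transcribes the fixed-in revisions from the list and classifies each module, returning `review` when a Series A/B/C module sits between the unsigned fix (5.009) and the signed fix (5.029) and its signing status is not recorded. The `signed` field, the inventory rows and the `major.minor` revision format are assumptions.

```python
import re

# Series -> firmware track, transcribed from the remediation list above.
# "legacy": signed fixed in 5.029, unsigned fixed in 5.009; "v11": 11.004; "en4": 5.002.
TRACKS = {}
for fam, legacy, v11 in [
    ("EN2T", "ABC", "D"), ("EN2TK", "ABC", "D"), ("EN2TXT", "ABC", "D"),
    ("EN2TP", "", "A"), ("EN2TPK", "", "A"), ("EN2TPXT", "", "A"),
    ("EN2TR", "AB", "C"), ("EN2TRK", "AB", "C"), ("EN2TRXT", "AB", "C"),
    ("EN2F", "AB", "C"), ("EN2FK", "AB", "C"),
    ("EN3TR", "A", "B"), ("EN3TRK", "A", "B"),
]:
    TRACKS.update({(fam, s): "legacy" for s in legacy})
    TRACKS.update({(fam, s): "v11" for s in v11})
TRACKS.update({(fam, "A"): "en4" for fam in ("EN4TR", "EN4TRK", "EN4TRXT")})

FIXED = {"v11": (11, 4), "en4": (5, 2), "signed": (5, 29), "unsigned": (5, 9)}


def parse_rev(text):
    """Assumption: revisions are 'major.minor' with a numeric minor, e.g. '5.028'."""
    major, minor = text.strip().split(".")
    return int(major), int(minor)


def assess(catalog, series, firmware, signed=None):
    """Return 'vulnerable', 'patched', 'review' or 'not-listed' for one module."""
    m = re.fullmatch(r"1756-(EN\w+)", catalog.strip().upper())
    track = TRACKS.get((m.group(1), series.strip().upper())) if m else None
    if track is None:
        return "not-listed"
    rev = parse_rev(firmware)
    if track != "legacy":
        return "vulnerable" if rev < FIXED[track] else "patched"
    if signed is not None:  # hypothetical inventory field: True/False when known
        fixed = FIXED["signed" if signed else "unsigned"]
        return "vulnerable" if rev < fixed else "patched"
    # Signing status unknown: only the range between the two fixes is ambiguous.
    if rev < FIXED["unsigned"]:
        return "vulnerable"
    return "patched" if rev >= FIXED["signed"] else "review"


# Constructed inventory rows (catalog, series, firmware, signed); not real assets.
INVENTORY = [("1756-EN2T", "A", "5.008", None), ("1756-EN2TR", "B", "5.028", True),
             ("1756-EN2F", "A", "5.015", None), ("1756-EN4TR", "A", "5.002", None)]


def audit(rows):
    """Attach a status to every inventory row."""
    return [(r[0], r[1], r[2], assess(*r)) for r in rows]
```

Rows that come back as `review` need the signing status confirmed on the module before they can be closed out.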

Affected Vendors

Rockwell Automation

Affected Products (58)

Rockwell Automation · 1756-EN2T Series A <= 5.008
Rockwell Automation · 1756-EN2T Series A <= 5.028
Rockwell Automation · 1756-EN2T Series B <= 5.008
Rockwell Automation · 1756-EN2T Series B <= 5.028
Rockwell Automation · 1756-EN2T Series C <= 5.008
Rockwell Automation · 1756-EN2T Series C <= 5.028
Rockwell Automation · 1756-EN2T Series D <= 11.003
Rockwell Automation · 1756-EN2TK Series A <= 5.008
Rockwell Automation · 1756-EN2TK Series A <= 5.028
Rockwell Automation · 1756-EN2TK Series B <= 5.008
Rockwell Automation · 1756-EN2TK Series B <= 5.028
Rockwell Automation · 1756-EN2TK Series C <= 5.008
Rockwell Automation · 1756-EN2TK Series C <= 5.028
Rockwell Automation · 1756-EN2TK Series D <= 11.003
Rockwell Automation · 1756-EN2TXT Series A <= 5.008
Rockwell Automation · 1756-EN2TXT Series A <= 5.028
Rockwell Automation · 1756-EN2TXT Series B <= 5.008
Rockwell Automation · 1756-EN2TXT Series B <= 5.028
Rockwell Automation · 1756-EN2TXT Series C <= 5.008
Rockwell Automation · 1756-EN2TXT Series C <= 5.028
Rockwell Automation · 1756-EN2TXT Series D <= 11.003
Rockwell Automation · 1756-EN2TP Series A <= 11.003
Rockwell Automation · 1756-EN2TPK Series A <= 11.003
Rockwell Automation · 1756-EN2TPXT Series A <= 11.003
Rockwell Automation · 1756-EN2TR Series A <= 5.008
Rockwell Automation · 1756-EN2TR Series A <= 5.028
Rockwell Automation · 1756-EN2TR Series B <= 5.008
Rockwell Automation · 1756-EN2TR Series B <= 5.028
Rockwell Automation · 1756-EN2TR Series C <= 11.003
Rockwell Automation · 1756-EN2TRK Series A <= 5.008
Rockwell Automation · 1756-EN2TRK Series A <= 5.028
Rockwell Automation · 1756-EN2TRK Series B <= 5.008
Rockwell Automation · 1756-EN2TRK Series B <= 5.028
Rockwell Automation · 1756-EN2TRK Series C <= 11.003
Rockwell Automation · 1756-EN2TRXT Series A <= 5.008
Rockwell Automation · 1756-EN2TRXT Series A <= 5.028
Rockwell Automation · 1756-EN2TRXT Series B <= 5.008
Rockwell Automation · 1756-EN2TRXT Series B <= 5.028
Rockwell Automation · 1756-EN2TRXT Series C <= 11.003
Rockwell Automation · 1756-EN2F Series A <= 5.008
Rockwell Automation · 1756-EN2F Series A <= 5.028
Rockwell Automation · 1756-EN2F Series B <= 5.008
Rockwell Automation · 1756-EN2F Series B <= 5.028
Rockwell Automation · 1756-EN2F Series C <= 11.003
Rockwell Automation · 1756-EN2FK Series A <= 5.008
Rockwell Automation · 1756-EN2FK Series A <= 5.028
Rockwell Automation · 1756-EN2FK Series B <= 5.008
Rockwell Automation · 1756-EN2FK Series B <= 5.028
Rockwell Automation · 1756-EN2FK Series C <= 11.003
Rockwell Automation · 1756-EN3TR Series A <= 5.008
Rockwell Automation · 1756-EN3TR Series A <= 5.028
Rockwell Automation · 1756-EN3TR Series B <= 11.003
Rockwell Automation · 1756-EN3TRK Series A <= 5.008
Rockwell Automation · 1756-EN3TRK Series A <= 5.028
Rockwell Automation · 1756-EN3TRK Series B <= 11.003
Rockwell Automation · 1756-EN4TR Series A <= 5.001
Rockwell Automation · 1756-EN4TRK Series A <= 5.001
Rockwell Automation · 1756-EN4TRXT Series A <= 5.001

Affected Sectors

Critical Manufacturing
