Loading

Open Ports Vulnerability in Kinetix 5500 EtherNet/IP Servo Drive

Severity:
Critical
Advisory ID:
PN1624
发布日期:
May 11, 2023
上次更新时间:
October 16, 2024
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
否
Corrected:
是
Workaround:
否
CVE IDs
CVE-2023-1834
下载
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
CVE-2023-1834
摘要
Open Ports Vulnerability in Kinetix 5500 EtherNet/IP Servo Drive

 

Revision History
Revision Number
1.0
Revision History
Version 1.0 - May 11, 2023

Affected Products

Affected Product First Known in Firmware Revision Corrected in Firmware Revision
Kinetix 5500 manufactured between May 2022 and January 2023

*The manufacturing date of the drive is stated on the product label.
v7.13 Customers should upgrade to versions v7.14 or later to close the ports, which mitigates this issue.

Vulnerability Details

Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.

CVE-2023-1834 IMPACT
Rockwell Automation was made aware that Kinetix® 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default.

CVSS Base Score: 9.4/10
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CWE: CWE 284 Improper Access Control


Known Exploited Vulnerability (KEV) database: No

Customers can use Stakeholder-Specific Vulnerability Categorization
to generate more environment specific prioritization.

Risk Mitigation & User Action

Customers using the affected drives are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customer to implement our suggested security best practices to minimize risk of the vulnerability.
  • Upgrade to v7.14
  • QA43240 - Recommended Security Guidelines from Rockwell Automation

Additional Resources

  • CVE-2023-1834 JSON

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation 主页 Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
请更新您的Cookies偏好以继续.
此功能需要Cookies来增强您的体验。请更新您的系统偏好以允许使用这些Cookies:
  • 社交媒体Cookies
  • 功能Cookies
  • 性能 Cookies
  • 市场营销Cookies
  • 所有Cookies
您可以随时更新您的系统偏好。如需了解更多信息,请参阅我们的 隐私政策
CloseClose