Loading

Open Ports Vulnerability in Kinetix 5500 EtherNet/IP Servo Drive

Severity:
Critical
Advisory ID:
PN1624
Date de publication:
May 11, 2023
Date de la dernière mise à jour:
October 16, 2024
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
Non
Corrected:
Oui
Workaround:
Non
CVE IDs
CVE-2023-1834
Téléchargements
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
JSON
Résumé
Open Ports Vulnerability in Kinetix 5500 EtherNet/IP Servo Drive

Revision Number

1.1
Revision History
Version 1.0 - May 11, 2023
Version 1.1 - September 10, 2025 - Updated for readability

Affected Products

Affected Product First Known in Firmware Revision Corrected in Firmware Revision
Kinetix 5500 manufactured between May 2022 and January 2023

*The manufacturing date of the drive is stated on the product label.
v7.13 Customers should upgrade to versions v7.14 or later to close the ports, which mitigates this issue.

Security Issue Details

Rockwell Automation uses the latest version of the CVSS scoring system to assess security issues..

CVE-2023-1834 IMPACT
Rockwell Automation was made aware that Kinetix® 5500 drives, manufactured between May 2022 and January 2023 that are running v7.13. These may have the telnet and FTP ports open by default.  This could potentially allow attackers unauthorized access to the device through the open ports.

CVSS Base Score: 9.4/10
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CWE: CWE 284 Improper Access Control


Known Exploited Vulnerability (KEV) database: No

Customers can use Stakeholder-Specific Vulnerability Categorization to create more environment specific categories.

Risk Mitigation & User Action

Customers using the affected drives should use the risk mitigations and our suggested security best practices to minimize risks..
  • Upgrade to v7.14
  • QA43240 - Recommended Security Guidelines from Rockwell Automation

Additional Resources

  • CVE-2023-1834 JSON

Glossary

FTP: (File Transfer Protocol) uses two primary ports for its operations: Port 21 and Port 20. These ports play distinct roles in facilitating file transfers between clients and servers.

Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited

Telnet: Teletype Network and is a client/server application protocol that provides access to virtual terminals of remote systems on local area networks or the Internet

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Accueil Rockwell Automation Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Veuillez mettre à jour vos préférences en matière de cookies pour continuer.
Cette fonctionnalité nécessite des cookies pour améliorer votre expérience. Veuillez mettre à jour vos préférences pour autoriser ces cookies:
  • Cookies de réseaux sociaux
  • Cookies fonctionnels
  • Cookies de performances
  • Cookies marketing
  • Tous les cookies
Vous pouvez mettre à jour vos préférences à tout moment. Pour plus d'informations, veuillez consulter notre {0} politique de confidentialité
CloseClose