Rockwell Automation has fixed two vulnerabilities (CVE-2023-3595, CVE-2023-3596) in the communication modules of its ControlLogix industrial programmable logic controllers (PLCs), ahead of expected (and likely) in-the-wild exploitation. “An unreleased exploit capability leveraging these vulnerabilities is associated with an unnamed APT (Advanced Persistent Threat) group,” industrial cybersecurity company Dragos has stated on Wednesday. About the vulnerabilities (CVE-2023-3595, CVE-2023-3596) CVE-2023-3595 allows attackers to manipulate firmware memory, perform remote code execution with persistence, and modify, deny, and exfiltrate … More →
