Strobes VIStrobes VI
CVE DatabaseThreat ActorsResearchAPI Docs
Visit Strobes.coSign Up for Strobes
CVE DatabaseThreat ActorsResearchAPI Docs
Tools
KB Lookup
Visit Strobes.coSign Up for Strobes
HomeCVEs

Do you like the insights?

Strobes vulnerability intelligence is a key component of their Exposure Management platform that helps organizations understand, prioritize, and address security vulnerabilities more effectively.

© 2026 Strobes Security. All rights reserved.
HomeCVEsCVE-2023-3595

CVE-2023-3595

Published: January 26, 2026
Last updated:21 hours ago (January 26, 2026)
Exploit: NoZero-day: YesPatch: YesTrend: Neutral
TL;DR
Updated January 26, 2026

CVE-2023-3595 is a critical severity vulnerability with a CVSS score of 9.8. No known exploits currently, and patches are available. This is classified as a zero-day vulnerability.

Key Points
  • 1Critical severity (CVSS 9.8/10)
  • 2EPSS: 13.00% - elevated likelihood of exploitation
  • 3No known public exploits
  • 4Vendor patches are available
  • 5Strobes Priority Score: 912/1000 (Critical)
  • 6Affects products from: Rockwellautomation
Severity Scores
CVSS v39.8
CVSS v20.0
Priority Score912.0
EPSS Score13.0
Critical
Exploitation LikelihoodMedium
13.00%EPSS

Moderate probability of exploitation

Schedule patching within weeks
13.00%
EPSS
9.8
CVSS
No
Exploit
Yes
Patch
Critical Priority
high EPSS • critical severity • high priority

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.

CVSS v3 Breakdown
Attack Vector:Network
Attack Complexity:Local
Privileges Required:Network
User Interaction:Network
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability:High
Patch References
[email protected]Zeroday CZ
Trend Analysis
Neutral
Vulnerable Products
VendorProduct
Rockwellautomation1756 En3tr Series A
Rockwellautomation1756 En3tr Series B Firmware
Rockwellautomation1756 En2f Series B Firmware
Rockwellautomation1756 En2t Series B Firmware
Rockwellautomation1756 En2tr Series C Firmware
Rockwellautomation1756 En2f Series B
Rockwellautomation1756 En2t Series A Firmware
Rockwellautomation1756 En2tr Series B Firmware
Rockwellautomation1756 En2tr Series C
Rockwellautomation1756 En3tr Series B

And 14 more...

Advisories
GitHub Advisory
NVD: Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
Cite This Page
APA Format
Strobes VI. (2026). CVE-2023-3595 - CVE Details and Analysis. Strobes VI. Retrieved January 27, 2026, from https://vi.strobes.co/cve/CVE-2023-3595
Quick copy link + title

Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.