Vulnerabilities related to rockwellautomation - 1768-enbt
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:rockwellautomation:controllogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "37F4D4ED-1915-4155-9F0A-691771AA534B", "versionEndIncluding": "20", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:guardlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2F8B5EE-C1BA-4CFB-B17F-C59BCDB41503", "versionEndIncluding": "20", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE554CCC-0A46-43D4-8D7D-44200BB7D314", "versionEndIncluding": "1100", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D3B4218-4483-4FAE-9915-8937F40AED27", "versionEndIncluding": "1400", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:softlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE7219A5-4759-4143-B89F-869D49CAAFF7", "versionEndIncluding": "19", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "330E9A05-C869-41B1-BB28-FD2A7C7ED0CE", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AD7D5DB-4A49-421A-8C6C-B9E6DA0A499B", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD44B55C-BDD7-41CC-91A9-F31ED2FC69E2", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "C91D5245-DED2-469C-A800-62109F8159C9", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1794-aentr_flex_i\\/o_ethernet\\/ip_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BD25E6B-6AE1-4B8C-A086-F5E152CAAA60", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA199887-E8F7-48EE-B1E0-9EF2E439DACE", "versionEndIncluding": "18", "vulnerable": true }, { 
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "A763D845-B091-47A4-8A29-A1CD19C1E4F2", "versionEndIncluding": "19", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_l32e_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "19B8ED27-2512-4A42-973C-99D300963046", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_l35e_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EFC590C-01C1-48D1-A5BE-0F70BE7F36B9", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:controllogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FE24B9B-9F7D-4D8F-A674-F04FC9F9F8BC", "versionEndIncluding": "18", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:flexlogix_1788-enbt_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "887A3369-548C-42B0-82C5-92CB161D3B7A", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:guardlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "E98626DD-BC79-473E-B25F-92C9BA12F6DD", "versionEndIncluding": "18", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:softlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "D83AF504-2845-4022-BA8E-52F4FB773EA4", "versionEndIncluding": "18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. 
Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices.\n\n\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" }, { "lang": "es", "value": "Rockwell Automation EtherNet/IP; productos 1756-ENBT, 1756-EWEB, 1768-ENBT y m\u00f3dulos de comunicaci\u00f3n 1768-EWEB; CompactLogix L32E y L35E, 1788-ENBT adaptador FlexLogix; AENTR 1794-FLEX adaptador I/O EtherNet/IP; ControlLogix v18 y anteriores; CompactLogix 18 y anteriores; GuardLogix 18 y anteriores; SoftLogix v18 y anteriores; controladores CompactLogix v19 y anteriores; controladores SoftLogix v19 y anteriores; controladores ControlLogix v20 y anteriores, los controladores GuardLogix v20 y anteriores, y MicroLogix 1100 y 1400 no realizan correctamente la autenticaci\u00f3n para actualizaciones de firmware Ethernet, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un troyano que se hace pasar por una actualizaci\u00f3n." 
} ], "id": "CVE-2012-6437", "lastModified": "2025-06-30T22:15:28.747", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false }, { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-24T21:55:01.523", "references": [ { "source": "ics-cert@hq.dhs.gov", "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": 
"http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:rockwellautomation:controllogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "37F4D4ED-1915-4155-9F0A-691771AA534B", "versionEndIncluding": "20", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:guardlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2F8B5EE-C1BA-4CFB-B17F-C59BCDB41503", "versionEndIncluding": "20", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE554CCC-0A46-43D4-8D7D-44200BB7D314", "versionEndIncluding": "1100", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D3B4218-4483-4FAE-9915-8937F40AED27", "versionEndIncluding": "1400", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:softlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE7219A5-4759-4143-B89F-869D49CAAFF7", "versionEndIncluding": "19", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "330E9A05-C869-41B1-BB28-FD2A7C7ED0CE", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AD7D5DB-4A49-421A-8C6C-B9E6DA0A499B", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD44B55C-BDD7-41CC-91A9-F31ED2FC69E2", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "C91D5245-DED2-469C-A800-62109F8159C9", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1794-aentr_flex_i\\/o_ethernet\\/ip_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BD25E6B-6AE1-4B8C-A086-F5E152CAAA60", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA199887-E8F7-48EE-B1E0-9EF2E439DACE", "versionEndIncluding": "18", "vulnerable": true }, { 
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "A763D845-B091-47A4-8A29-A1CD19C1E4F2", "versionEndIncluding": "19", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_l32e_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "19B8ED27-2512-4A42-973C-99D300963046", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_l35e_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EFC590C-01C1-48D1-A5BE-0F70BE7F36B9", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:controllogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FE24B9B-9F7D-4D8F-A674-F04FC9F9F8BC", "versionEndIncluding": "18", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:flexlogix_1788-enbt_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "887A3369-548C-42B0-82C5-92CB161D3B7A", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:guardlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "E98626DD-BC79-473E-B25F-92C9BA12F6DD", "versionEndIncluding": "18", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:softlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "D83AF504-2845-4022-BA8E-52F4FB773EA4", "versionEndIncluding": "18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. 
Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices.\n\n\n\n\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en varios productos Rockwell Automation EtherNet/IP; 1756-ENBT, 1756-EWEB, 1768-ENBT, y 1768-EWEB; controladores CompactLogix L32E y L35E; adaptodor 1788-ENBT FLEXLogix; adaptador 1794-AENTR FLEX I/O EtherNet/IP; ControlLogix 18 y anteriores; CompactLogix 18 y anteriores; GuardLogix 18 y anteriores; SoftLogix 18 y anteriores; CompactLogix 19 y anteriores; SoftLogix 19 y anteriores; ControlLogix 20 y anteriores; GuardLogix 20 y anteriores; y MicroLogix 1100 y 1400, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de CPU y agotamiento de la comunicaci\u00f3n) a trav\u00e9s de un paquete CIP mal formado." 
} ], "id": "CVE-2012-6436", "lastModified": "2025-06-30T22:15:28.573", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false }, { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-24T21:55:01.477", "references": [ { "source": "ics-cert@hq.dhs.gov", "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], 
"sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:rockwellautomation:ethernet\\/ip_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "073A26FB-39D2-4771-9277-B0FA21088924", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:rockwellautomation:1756-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "330E9A05-C869-41B1-BB28-FD2A7C7ED0CE", "vulnerable": false }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AD7D5DB-4A49-421A-8C6C-B9E6DA0A499B", "vulnerable": false }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD44B55C-BDD7-41CC-91A9-F31ED2FC69E2", "vulnerable": false }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "C91D5245-DED2-469C-A800-62109F8159C9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F56D3970-D62A-4D79-976C-A213532969C9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:rockwellautomation:l32e:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C10816B-573D-49F1-AE34-CBC7FA47161F", "vulnerable": false }, { "criteria": "cpe:2.3:h:rockwellautomation:l35e:-:*:*:*:*:*:*:*", "matchCriteriaId": "62343222-0FAA-41B0-902C-CCFDD931211C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:rockwellautomation:flexlogix_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AB205EC-6543-4F4D-A8DA-4B4374238C3B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:rockwellautomation:1788-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5118BE5-1FBD-4A62-9B38-98CC0DE40649", "vulnerable": false } ], "negate": false, "operator": "OR" } ], 
"operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:rockwellautomation:flex_i\\/o_ethernet\\/ip__firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6802A420-A771-4FE8-A9CE-64EA3760B968", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:rockwellautomation:1794-aentr:-:*:*:*:*:*:*:*", "matchCriteriaId": "707E2529-484B-42CC-B981-FDE323FDAF2A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:rockwellautomation:micrologix_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "130E4BE6-373D-4CF4-AC04-106784EAE137", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:rockwellautomation:1100:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B5051E4-D45E-4879-ADBF-CF048591BA96", "vulnerable": false }, { "criteria": "cpe:2.3:h:rockwellautomation:1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8153C27-B429-4A55-9CED-B6D81F55BC3C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_controllers_firmware:19:*:*:*:*:*:*:*", "matchCriteriaId": "E85B0C4C-5299-4C48-B06B-30E13A9DAFAB", "vulnerable": true }, { "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_firmware:18:*:*:*:*:*:*:*", "matchCriteriaId": "0836F9A5-6487-4702-9D61-C85D5ADAC0C8", "vulnerable": true }, { "criteria": "cpe:2.3:o:rockwellautomation:controllogix_controllers_firmware:20:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D7324-931A-4E46-8128-045C2C6C7E67", "vulnerable": true }, { "criteria": "cpe:2.3:o:rockwellautomation:controllogix_firmware:18:*:*:*:*:*:*:*", "matchCriteriaId": "4749D825-0323-40ED-9C26-5BB4886B487E", "vulnerable": true }, { "criteria": "cpe:2.3:o:rockwellautomation:guardlogix_controllers_firmware:20:*:*:*:*:*:*:*", "matchCriteriaId": "9DC8BA80-3E6B-402C-9984-CC3D9CD082CC", "vulnerable": true }, 
{ "criteria": "cpe:2.3:o:rockwellautomation:guardlogix_firmware:18:*:*:*:*:*:*:*", "matchCriteriaId": "29CA9FBB-DBDF-40ED-9583-8D619A377AA0", "vulnerable": true }, { "criteria": "cpe:2.3:o:rockwellautomation:softlogix_controllers_firmware:19:*:*:*:*:*:*:*", "matchCriteriaId": "BDBCE43A-0173-4A57-918C-5958782F4958", "vulnerable": true }, { "criteria": "cpe:2.3:o:rockwellautomation:softlogix_firmware:18:*:*:*:*:*:*:*", "matchCriteriaId": "33067DAD-1A7B-4A89-A726-05BAA9CFD023", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. This situation could cause loss of availability and a disruption of communication with other connected devices.\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" }, { "lang": "es", "value": "Los productos Rockwell Automation EtherNet/IP: 1756-ENBT, 1756-EWEB, 1768-ENBT, y los m\u00f3dulos de comunicaci\u00f3n 1768-EWEB; CompactLogix L32E y controladores L35E; adaptador 1788-ENBT FLEXLogix; adaptador 1794-AENTR FLEX I/O EtherNet/IP; ControlLogix 18 y anteriores; CompactLogix 18 y anteriores; GuardLogix 18 y anteriores; SoftLogix 18 y anteriores; controladores CompactLogix 19 y anteriores; controladores SoftLogix 19 y anteriores; controladores ControlLogix 20 y anteriores; controladores 
GuardLogix 20 y anteriores; y MicroLogix 1100 y 1400 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (control y corte de la comunicaci\u00f3n) a trav\u00e9s de un mensaje CIP que especifica un reinicio." } ], "id": "CVE-2012-6442", "lastModified": "2025-06-30T22:15:29.587", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false }, { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-24T21:55:01.773", "references": [ { "source": "ics-cert@hq.dhs.gov", "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "source": "ics-cert@hq.dhs.gov", "url": 
"https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03" }, { "source": "nvd@nist.gov", "tags": [ "Third Party Advisory" ], "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:rockwellautomation:controllogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "37F4D4ED-1915-4155-9F0A-691771AA534B", "versionEndIncluding": "20", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:guardlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2F8B5EE-C1BA-4CFB-B17F-C59BCDB41503", "versionEndIncluding": "20", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE554CCC-0A46-43D4-8D7D-44200BB7D314", "versionEndIncluding": "1100", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D3B4218-4483-4FAE-9915-8937F40AED27", "versionEndIncluding": "1400", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:softlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE7219A5-4759-4143-B89F-869D49CAAFF7", "versionEndIncluding": "19", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "330E9A05-C869-41B1-BB28-FD2A7C7ED0CE", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AD7D5DB-4A49-421A-8C6C-B9E6DA0A499B", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD44B55C-BDD7-41CC-91A9-F31ED2FC69E2", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "C91D5245-DED2-469C-A800-62109F8159C9", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1794-aentr_flex_i\\/o_ethernet\\/ip_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BD25E6B-6AE1-4B8C-A086-F5E152CAAA60", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA199887-E8F7-48EE-B1E0-9EF2E439DACE", "versionEndIncluding": "18", "vulnerable": true }, { 
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "A763D845-B091-47A4-8A29-A1CD19C1E4F2", "versionEndIncluding": "19", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_l32e_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "19B8ED27-2512-4A42-973C-99D300963046", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_l35e_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EFC590C-01C1-48D1-A5BE-0F70BE7F36B9", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:controllogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FE24B9B-9F7D-4D8F-A674-F04FC9F9F8BC", "versionEndIncluding": "18", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:flexlogix_1788-enbt_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "887A3369-548C-42B0-82C5-92CB161D3B7A", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:guardlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "E98626DD-BC79-473E-B25F-92C9BA12F6DD", "versionEndIncluding": "18", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:softlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "D83AF504-2845-4022-BA8E-52F4FB773EA4", "versionEndIncluding": "18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. 
Successful exploitation of this vulnerability could cause loss of confidentiality.\n\n\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" }, { "lang": "es", "value": "Los productos Rockwell Automation EtherNet/IP: m\u00f3dulos de comunicaci\u00f3n 1756-ENBT, 1756-EWEB, 1768-ENBT, y 1768-EWEB; controladores CompactLogix L32E y L35E; adaptador 1788-ENBT FLEXLogix; adaptador 1794-AENTR FLEX I/O EtherNet/IP; ControlLogix 18 y anteriores; CompactLogix 18 y anteriores; GuardLogix 18 y anteriores; SoftLogix 18 y anteriores; controlador CompactLogix 19 y anteriores; controladores SoftLogix 19 y anteriores; controladores ControlLogix 20 y anteriores; controladores GuardLogix 20 y anteriores; MicroLogix 1100 y 1400 permiten a atacantes remotos obtener informaci\u00f3n sensible por paquetes CIP manipulados." 
} ], "id": "CVE-2012-6441", "lastModified": "2025-06-30T22:15:29.420", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false }, { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-24T21:55:01.727", "references": [ { "source": "ics-cert@hq.dhs.gov", "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], 
"sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:rockwellautomation:controllogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "37F4D4ED-1915-4155-9F0A-691771AA534B", "versionEndIncluding": "20", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:guardlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2F8B5EE-C1BA-4CFB-B17F-C59BCDB41503", "versionEndIncluding": "20", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE554CCC-0A46-43D4-8D7D-44200BB7D314", "versionEndIncluding": "1100", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D3B4218-4483-4FAE-9915-8937F40AED27", "versionEndIncluding": "1400", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:softlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE7219A5-4759-4143-B89F-869D49CAAFF7", "versionEndIncluding": "19", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "330E9A05-C869-41B1-BB28-FD2A7C7ED0CE", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AD7D5DB-4A49-421A-8C6C-B9E6DA0A499B", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD44B55C-BDD7-41CC-91A9-F31ED2FC69E2", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "C91D5245-DED2-469C-A800-62109F8159C9", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1794-aentr_flex_i\\/o_ethernet\\/ip_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BD25E6B-6AE1-4B8C-A086-F5E152CAAA60", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA199887-E8F7-48EE-B1E0-9EF2E439DACE", "versionEndIncluding": "18", "vulnerable": true }, { 
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "A763D845-B091-47A4-8A29-A1CD19C1E4F2", "versionEndIncluding": "19", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_l32e_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "19B8ED27-2512-4A42-973C-99D300963046", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_l35e_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EFC590C-01C1-48D1-A5BE-0F70BE7F36B9", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:controllogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FE24B9B-9F7D-4D8F-A674-F04FC9F9F8BC", "versionEndIncluding": "18", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:flexlogix_1788-enbt_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "887A3369-548C-42B0-82C5-92CB161D3B7A", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:guardlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "E98626DD-BC79-473E-B25F-92C9BA12F6DD", "versionEndIncluding": "18", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:softlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "D83AF504-2845-4022-BA8E-52F4FB773EA4", "versionEndIncluding": "18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. 
Successful exploitation of this vulnerability will allow unauthorized access of the product\u2019s Web server to view and alter product configuration and diagnostics information.\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" }, { "lang": "es", "value": "La funcionalidad de autenticaci\u00f3n web-server en los productos Rockwell Automation EtherNet/IP; m\u00f3dulos de comunicaci\u00f3n 1756-ENBT, 1756-EWEB, 1768-ENBT, y 1768-EWEB; controladores CompactLogix L32E y L35E; adaptador 1788-ENBT FLEXLogix; adaptador 1794-AENTR FLEX I/O EtherNet/IP; ControlLogix 18 y anteriores; CompactLogix 18 y anteriores; GuardLogix 18 y anteriores; SoftLogix 18 y anteriores; controladores CompactLogix 19 y anteriores; controladores SoftLogix 19 y anteriores; controladores ControlLogix 20 y anteriores; controladores GuardLogix 20 y anteriores; MicroLogix 1100 y 1400 permiten ataques man-in-the-middle conducir ataques de repetici\u00f3n por tr\u00e1fico HTTP." 
} ], "id": "CVE-2012-6440", "lastModified": "2025-06-30T22:15:29.253", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": true }, { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-01-24T21:55:01.697", "references": [ { "source": "ics-cert@hq.dhs.gov", "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": 
"http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:rockwellautomation:controllogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "37F4D4ED-1915-4155-9F0A-691771AA534B", "versionEndIncluding": "20", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:guardlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2F8B5EE-C1BA-4CFB-B17F-C59BCDB41503", "versionEndIncluding": "20", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE554CCC-0A46-43D4-8D7D-44200BB7D314", "versionEndIncluding": "1100", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D3B4218-4483-4FAE-9915-8937F40AED27", "versionEndIncluding": "1400", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:softlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE7219A5-4759-4143-B89F-869D49CAAFF7", "versionEndIncluding": "19", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "330E9A05-C869-41B1-BB28-FD2A7C7ED0CE", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AD7D5DB-4A49-421A-8C6C-B9E6DA0A499B", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD44B55C-BDD7-41CC-91A9-F31ED2FC69E2", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "C91D5245-DED2-469C-A800-62109F8159C9", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1794-aentr_flex_i\\/o_ethernet\\/ip_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BD25E6B-6AE1-4B8C-A086-F5E152CAAA60", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA199887-E8F7-48EE-B1E0-9EF2E439DACE", "versionEndIncluding": "18", "vulnerable": true }, { 
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "A763D845-B091-47A4-8A29-A1CD19C1E4F2", "versionEndIncluding": "19", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_l32e_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "19B8ED27-2512-4A42-973C-99D300963046", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_l35e_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EFC590C-01C1-48D1-A5BE-0F70BE7F36B9", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:controllogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FE24B9B-9F7D-4D8F-A674-F04FC9F9F8BC", "versionEndIncluding": "18", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:flexlogix_1788-enbt_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "887A3369-548C-42B0-82C5-92CB161D3B7A", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:guardlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "E98626DD-BC79-473E-B25F-92C9BA12F6DD", "versionEndIncluding": "18", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:softlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "D83AF504-2845-4022-BA8E-52F4FB773EA4", "versionEndIncluding": "18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "When an affected \nproduct receives a valid CIP message from an unauthorized or unintended \nsource to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port \n44818/UDP that changes the product\u2019s configuration and network \nparameters, a DoS condition can occur. 
This situation could cause loss \nof availability and a disruption of communication with other connected \ndevices.\u00a0\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" }, { "lang": "es", "value": "Rockwell Automation EtherNet/IP; productos 1756-ENBT, 1756-EWEB, 1768-ENBT y m\u00f3dulos de comunicaci\u00f3n 1768-EWEB; CompactLogix L32E y L35E, 1788-ENBT adaptador FlexLogix ; AENTR 1794-FLEX I/O EtherNet/IP del adaptador; ControlLogix v18 y anteriores; CompactLogix 18 y anteriores; GuardLogix v18 y anteriores; SoftLogix v18 y anteriores; controladores CompactLogix v19 y anteriores; controladores SoftLogix v19 y anteriores; controladores ControlLogix v20 y anteriores, los controladores GuardLogix v20 y anteriores, y MicroLogix 1100 y 1400 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (control y corte de la comunicaci\u00f3n) a trav\u00e9s de un mensaje CIP que modifica la configuraci\u00f3n (1) o (2) los par\u00e1metros de red." 
} ], "id": "CVE-2012-6439", "lastModified": "2025-06-30T22:15:29.083", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false }, { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-24T21:55:01.650", "references": [ { "source": "ics-cert@hq.dhs.gov", "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": 
"http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:rockwellautomation:controllogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "37F4D4ED-1915-4155-9F0A-691771AA534B", "versionEndIncluding": "20", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:guardlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2F8B5EE-C1BA-4CFB-B17F-C59BCDB41503", "versionEndIncluding": "20", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE554CCC-0A46-43D4-8D7D-44200BB7D314", "versionEndIncluding": "1100", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D3B4218-4483-4FAE-9915-8937F40AED27", "versionEndIncluding": "1400", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:softlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE7219A5-4759-4143-B89F-869D49CAAFF7", "versionEndIncluding": "19", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "330E9A05-C869-41B1-BB28-FD2A7C7ED0CE", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AD7D5DB-4A49-421A-8C6C-B9E6DA0A499B", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD44B55C-BDD7-41CC-91A9-F31ED2FC69E2", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "C91D5245-DED2-469C-A800-62109F8159C9", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1794-aentr_flex_i\\/o_ethernet\\/ip_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BD25E6B-6AE1-4B8C-A086-F5E152CAAA60", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA199887-E8F7-48EE-B1E0-9EF2E439DACE", "versionEndIncluding": "18", "vulnerable": true }, { 
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "A763D845-B091-47A4-8A29-A1CD19C1E4F2", "versionEndIncluding": "19", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_l32e_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "19B8ED27-2512-4A42-973C-99D300963046", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_l35e_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EFC590C-01C1-48D1-A5BE-0F70BE7F36B9", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:controllogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FE24B9B-9F7D-4D8F-A674-F04FC9F9F8BC", "versionEndIncluding": "18", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:flexlogix_1788-enbt_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "887A3369-548C-42B0-82C5-92CB161D3B7A", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:guardlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "E98626DD-BC79-473E-B25F-92C9BA12F6DD", "versionEndIncluding": "18", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:softlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "D83AF504-2845-4022-BA8E-52F4FB773EA4", "versionEndIncluding": "18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. 
This situation could cause loss of availability and a disruption of communication with other connected devices.\n\n\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" }, { "lang": "es", "value": "Rockwell Automation EtherNet/IP; productos 1756-ENBT, 1756-EWEB, 1768-ENBT y m\u00f3dulos de comunicaci\u00f3n 1768-EWEB; CompactLogix L32E y L35E, 1788-ENBT adaptador FlexLogix; AENTR 1794-FLEX adaptador I/O EtherNet/IP; ControlLogix v18 y anteriores; CompactLogix 18 y anteriores; GuardLogix v18 y anteriores; SoftLogix v18 y anteriores; controladores CompactLogix 19 y anteriores; controladores SoftLogix v19 y anteriores; controladores ControlLogix v20 y anteriores, los controladores GuardLogix v20 y anteriores, y MicroLogix 1100 y 1400 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (control y corte de la comunicaci\u00f3n) a trav\u00e9s de un mensaje CIP que especifica una parada l\u00f3gica de ejecuci\u00f3n y fallos." 
} ], "id": "CVE-2012-6435", "lastModified": "2025-06-30T22:15:27.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false }, { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-24T21:55:01.430", "references": [ { "source": "ics-cert@hq.dhs.gov", "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], 
"sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:rockwellautomation:controllogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "37F4D4ED-1915-4155-9F0A-691771AA534B", "versionEndIncluding": "20", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:guardlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2F8B5EE-C1BA-4CFB-B17F-C59BCDB41503", "versionEndIncluding": "20", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE554CCC-0A46-43D4-8D7D-44200BB7D314", "versionEndIncluding": "1100", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D3B4218-4483-4FAE-9915-8937F40AED27", "versionEndIncluding": "1400", "vulnerable": true }, { "criteria": "cpe:2.3:a:rockwellautomation:softlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE7219A5-4759-4143-B89F-869D49CAAFF7", "versionEndIncluding": "19", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "330E9A05-C869-41B1-BB28-FD2A7C7ED0CE", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1756-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AD7D5DB-4A49-421A-8C6C-B9E6DA0A499B", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-enbt:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD44B55C-BDD7-41CC-91A9-F31ED2FC69E2", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1768-eweb:-:*:*:*:*:*:*:*", "matchCriteriaId": "C91D5245-DED2-469C-A800-62109F8159C9", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:1794-aentr_flex_i\\/o_ethernet\\/ip_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BD25E6B-6AE1-4B8C-A086-F5E152CAAA60", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA199887-E8F7-48EE-B1E0-9EF2E439DACE", "versionEndIncluding": "18", "vulnerable": true }, { 
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_controllers:*:*:*:*:*:*:*:*", "matchCriteriaId": "A763D845-B091-47A4-8A29-A1CD19C1E4F2", "versionEndIncluding": "19", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_l32e_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "19B8ED27-2512-4A42-973C-99D300963046", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_l35e_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EFC590C-01C1-48D1-A5BE-0F70BE7F36B9", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:controllogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FE24B9B-9F7D-4D8F-A674-F04FC9F9F8BC", "versionEndIncluding": "18", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:flexlogix_1788-enbt_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "887A3369-548C-42B0-82C5-92CB161D3B7A", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:guardlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "E98626DD-BC79-473E-B25F-92C9BA12F6DD", "versionEndIncluding": "18", "vulnerable": true }, { "criteria": "cpe:2.3:h:rockwellautomation:softlogix:*:*:*:*:*:*:*:*", "matchCriteriaId": "D83AF504-2845-4022-BA8E-52F4FB773EA4", "versionEndIncluding": "18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the NIC to crash. 
Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices.\n\n\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en Rockwell Automation EtherNet/IP; productos 1756-ENBT, 1756-EWEB, 1768-ENBT y m\u00f3dulos de comunicaci\u00f3n 1768-EWEB; CompactLogix L32E y L35E, 1788-ENBT adaptador FlexLogix; AENTR 1794-FLEX adaptador I/O EtherNet/IP; ControlLogix v18 y anteriores; CompactLogix v18 y anteriores; GuardLogix v18 y anteriores; SoftLogix v18 y anteriores; controladores CompactLogix v19 y anteriores; controladores SoftLogix v19 y anteriores; controladores ControlLogix v20 y anteriores, los controladores GuardLogix v20 y anteriores, y MicroLogix 1100 y 1400, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda NIC y corte de la comunicaci\u00f3n) a trav\u00e9s de un paquete mal formado CIP." 
} ], "id": "CVE-2012-6438", "lastModified": "2025-06-30T22:15:28.920", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false }, { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-24T21:55:01.603", "references": [ { "source": "ics-cert@hq.dhs.gov", "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], 
"sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
CVE-2012-6435 (GCVE-0-2012-6435)
Vulnerability from cvelistv5
| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | 1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules | Version: All |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.935Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix L32E and L35E controllers", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1788-ENBT FLEXLogix adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1794-AENTR FLEX I/O EtherNet/IP adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix, CompactLogix, GuardLogix, and SoftLogix", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "18", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix and SoftLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "19", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix and GuardLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "MicroLogix", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "1100" }, { "status": "affected", "version": 
"1400" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Rub\u00e9n Santamarta of IOActive identified vulnerabilities in Rockwell Automation\u2019s ControlLogix PLC and released proof-of-concept (exploit) code at the Digital Bond S4 Conference on January 19, 2012." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. This situation could cause loss of availability and a disruption of communication with other connected devices.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/p\u003e\u003cp\u003eRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400\u0026nbsp;\u003cbr\u003e\u003c/p\u003e" } ], "value": "When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. 
This situation could cause loss of availability and a disruption of communication with other connected devices.\n\n\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-30T21:37:15.940Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAccording to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. 
After the reboot, the affected product may require some reconfiguration.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell\u2019s Advisories at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information on security with Rockwell Automation products, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e.\u003c/p\u003e\u003cbr\u003e" } ], "value": "According to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\n\nTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. 
To download and install the patches please refer to Rockwell\u2019s Advisories at:\n\n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156 \n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "source": { "advisory": "ICSA-13-011-03", "discovery": "EXTERNAL" }, "title": "Rockwell Automation ControlLogix PLC Improper Access Control", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eRockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities pertaining to receiving valid CIP packets:\u003c/p\u003e\u003col\u003e\u003cli\u003eBlock all traffic to the Ethernet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Ports 2222 and 44818 using appropriate security technology such as a firewall or Unified Threat Management (UTM).\u003c/li\u003e\u003cli\u003eEmploy a UTM appliance that specifically supports CIP message filtering.\u003c/li\u003e\u003c/ol\u003e\n\n\u003cp\u003eIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. 
Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\u003c/p\u003e\u003col\u003e\u003cli\u003eEmploy layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ab.com/networks/architectures.html\"\u003ehttp://www.ab.com/networks/architectures.html\u003c/a\u003e for comprehensive information about implementing validated architectures designed to deliver these measures.\u003c/li\u003e\u003cli\u003eRestrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\u003c/li\u003e\u003cli\u003eEmploy firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\u003c/li\u003e\u003cli\u003eUse up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\u003c/li\u003e\u003cli\u003eMake sure that software and control system device firmware is patched to current releases.\u003c/li\u003e\u003cli\u003ePeriodically change passwords in control system components and infrastructure devices.\u003c/li\u003e\u003cli\u003eWhere applicable, set the controller key-switch/mode-switch to RUN mode.\u003c/li\u003e\u003c/ol\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFor more information on security with Rockwell Automation products, please refer to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e" } ], 
"value": "Rockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\n\nTo mitigate the vulnerabilities pertaining to receiving valid CIP packets:\n\n * Block all traffic to the Ethernet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Ports 2222 and 44818 using appropriate security technology such as a firewall or Unified Threat Management (UTM).\n * Employ a UTM appliance that specifically supports CIP message filtering.\n\n\nIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\n\n * Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.\n * Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\n * Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. 
Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\n * Use up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\n * Make sure that software and control system device firmware is patched to current releases.\n * Periodically change passwords in control system components and infrastructure devices.\n * Where applicable, set the controller key-switch/mode-switch to RUN mode.\n\n\n\n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-6439", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-6435", "datePublished": "2013-01-24T21:00:00Z", "dateReserved": "2012-12-26T00:00:00Z", "dateUpdated": "2025-06-30T21:37:15.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6437 (GCVE-0-2012-6437)
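Vulnerability from cvelistv5
Note: the `x_legacyV4Record` block embedded in this record carries `"ID": "CVE-2012-6439"` and what appears to be that CVE's description (a denial of service via a CIP message that modifies configuration or network parameters), while `cveMetadata.cveId` is CVE-2012-6437 and the `cna` description concerns unauthenticated firmware upload. The CVE-2012-6435 record above shows the same mismatch. When matching or triaging this entry, key on `cveMetadata.cveId` and the `cna` title, description, CWE and CVSS fields rather than on the legacy block.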
| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | 1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules | Version: All |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix L32E and L35E controllers", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1788-ENBT FLEXLogix adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1794-AENTR FLEX I/O EtherNet/IP adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix, CompactLogix, GuardLogix, and SoftLogix", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "18", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix and SoftLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "19", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix and GuardLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "MicroLogix", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "1100" }, { "status": "affected", "version": 
"1400" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Rub\u00e9n Santamarta of IOActive identified vulnerabilities in Rockwell Automation\u2019s ControlLogix PLC and released proof-of-concept (exploit) code at the Digital Bond S4 Conference on January 19, 2012." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/p\u003e\u003cp\u003eRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400\u0026nbsp;\u003cbr\u003e\u003c/p\u003e" } ], "value": "The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. 
Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices.\n\n\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-30T22:05:18.667Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAccording to Rockwell, any of the above products that become affected by a vulnerability can be reset by 
rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell\u2019s Advisories at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information on security with Rockwell Automation products, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e.\u003c/p\u003e" } ], "value": "According to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\n\nTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. 
To download and install the patches please refer to Rockwell\u2019s Advisories at:\n\n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156 \n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "source": { "advisory": "ICSA-13-011-03", "discovery": "EXTERNAL" }, "title": "Rockwell Automation ControlLogix PLC Improper Authentication", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eRockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eTo mitigate the vulnerability with the Web server password authentication mechanism:\u003c/p\u003e\u003col\u003e\u003cli\u003eUpgrade the MicroLogix 1400 firmware to FRN 12 or higher.\u003c/li\u003e\u003cli\u003eBecause of limitations in the MicroLogix 1100 platform, none of the firmware updates will be able to fix this issue, so users should use the following techniques to help reduce the likelihood of compromise.\u003c/li\u003e\u003cli\u003eWhere possible, disable the Web server and change all default Administrator and Guest passwords.\u003c/li\u003e\u003cli\u003eIf Web server functionality is needed, then Rockwell recommends upgrading the product\u2019s firmware to the most current version to have the newest enhanced protections available such as:\u003col\u003e\u003cli\u003eWhen a controller receives two consecutive invalid authentication requests from an HTTP client, the controller resets the Authentication Counter after 60 
minutes.\u003c/li\u003e\u003cli\u003eWhen a controller receives 10 invalid authentication requests from any HTTP client, it will not accept any valid or invalid authentication packets until a 24-hour HTTP Server Lock Timer timeout.\u003c/li\u003e\u003c/ol\u003e\u003c/li\u003e\u003cli\u003eIf Web server functionality is needed, Rockwell also recommends configuring user accounts to have READ only access to the product so those accounts cannot be used to make configuration change\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\u003c/p\u003e\u003col\u003e\u003cli\u003eEmploy layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ab.com/networks/architectures.html\"\u003ehttp://www.ab.com/networks/architectures.html\u003c/a\u003e for comprehensive information about implementing validated architectures designed to deliver these measures.\u003c/li\u003e\u003cli\u003eRestrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\u003c/li\u003e\u003cli\u003eEmploy firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. 
Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\u003c/li\u003e\u003cli\u003eUse up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\u003c/li\u003e\u003cli\u003eMake sure that software and control system device firmware is patched to current releases.\u003c/li\u003e\u003cli\u003ePeriodically change passwords in control system components and infrastructure devices.\u003c/li\u003e\u003cli\u003eWhere applicable, set the controller key-switch/mode-switch to RUN mode.\u003c/li\u003e\u003c/ol\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFor more information on security with Rockwell Automation products, please refer to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e" } ], "value": "Rockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\n\n\n\n\n\nTo mitigate the vulnerability with the Web server password authentication mechanism:\n\n * Upgrade the MicroLogix 1400 firmware to FRN 12 or higher.\n * Because of limitations in the MicroLogix 1100 platform, none of the firmware updates will be able to fix this issue, so users should use the following techniques to help reduce the likelihood of compromise.\n * Where possible, disable the Web server and change all default Administrator and Guest passwords.\n * If Web server functionality is needed, then Rockwell recommends upgrading the product\u2019s firmware to the most current version to have the newest enhanced protections available such as: * When a controller receives two 
consecutive invalid authentication requests from an HTTP client, the controller resets the Authentication Counter after 60 minutes.\n * When a controller receives 10 invalid authentication requests from any HTTP client, it will not accept any valid or invalid authentication packets until a 24-hour HTTP Server Lock Timer timeout.\n\n * If Web server functionality is needed, Rockwell also recommends configuring user accounts to have READ only access to the product so those accounts cannot be used to make configuration change\nIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\n\n * Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.\n * Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\n * Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. 
Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\n * Use up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\n * Make sure that software and control system device firmware is patched to current releases.\n * Periodically change passwords in control system components and infrastructure devices.\n * Where applicable, set the controller key-switch/mode-switch to RUN mode.\n\n\n\n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-6439", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-6437", "datePublished": "2013-01-24T21:00:00Z", "dateReserved": "2012-12-26T00:00:00Z", "dateUpdated": "2025-06-30T22:05:18.667Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6439 (GCVE-0-2012-6439)
Vulnerability from cvelistv5
| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | 1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules | Version: All |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.816Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix L32E and L35E controllers", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1788-ENBT FLEXLogix adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1794-AENTR FLEX I/O EtherNet/IP adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix, CompactLogix, GuardLogix, and SoftLogix", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "18", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix and SoftLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "19", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix and GuardLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "MicroLogix", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "1100" }, { "status": "affected", "version": 
"1400" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Rub\u00e9n Santamarta of IOActive identified vulnerabilities in Rockwell Automation\u2019s ControlLogix PLC and released proof-of-concept (exploit) code at the Digital Bond S4 Conference on January 19, 2012." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen an affected \nproduct receives a valid CIP message from an unauthorized or unintended \nsource to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port \n44818/UDP that changes the product\u2019s configuration and network \nparameters, a DoS condition can occur. This situation could cause loss \nof availability and a disruption of communication with other connected \ndevices.\u003c/span\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400\u0026nbsp;\u003cbr\u003e\u003c/p\u003e" } ], "value": "When an affected \nproduct receives a valid CIP message from an unauthorized or unintended \nsource to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port \n44818/UDP that changes the product\u2019s configuration and network \nparameters, a DoS condition can occur. 
This situation could cause loss \nof availability and a disruption of communication with other connected \ndevices.\u00a0\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-30T21:33:10.902Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAccording to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the 
affected product. After the reboot, the affected product may require some reconfiguration.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell\u2019s Advisories at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information on security with Rockwell Automation products, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e.\u003c/p\u003e\u003cbr\u003e" } ], "value": "According to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\n\nTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. 
To download and install the patches please refer to Rockwell\u2019s Advisories at:\n\n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156 \n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "source": { "advisory": "ICSA-13-011-03", "discovery": "EXTERNAL" }, "title": "Rockwell Automation ControlLogix PLC Improper Access Control", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eRockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities pertaining to receiving valid CIP packets:\u003c/p\u003e\u003col\u003e\u003cli\u003eBlock all traffic to the Ethernet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Ports 2222 and 44818 using appropriate security technology such as a firewall or Unified Threat Management (UTM).\u003c/li\u003e\u003cli\u003eEmploy a UTM appliance that specifically supports CIP message filtering.\u003c/li\u003e\u003c/ol\u003e\n\n\u003cp\u003eIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. 
Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\u003c/p\u003e\u003col\u003e\u003cli\u003eEmploy layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ab.com/networks/architectures.html\"\u003ehttp://www.ab.com/networks/architectures.html\u003c/a\u003e for comprehensive information about implementing validated architectures designed to deliver these measures.\u003c/li\u003e\u003cli\u003eRestrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\u003c/li\u003e\u003cli\u003eEmploy firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\u003c/li\u003e\u003cli\u003eUse up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\u003c/li\u003e\u003cli\u003eMake sure that software and control system device firmware is patched to current releases.\u003c/li\u003e\u003cli\u003ePeriodically change passwords in control system components and infrastructure devices.\u003c/li\u003e\u003cli\u003eWhere applicable, set the controller key-switch/mode-switch to RUN mode.\u003c/li\u003e\u003c/ol\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFor more information on security with Rockwell Automation products, please refer to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e" } ], 
"value": "Rockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\n\nTo mitigate the vulnerabilities pertaining to receiving valid CIP packets:\n\n * Block all traffic to the Ethernet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Ports 2222 and 44818 using appropriate security technology such as a firewall or Unified Threat Management (UTM).\n * Employ a UTM appliance that specifically supports CIP message filtering.\n\n\nIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\n\n * Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.\n * Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\n * Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. 
Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\n * Use up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\n * Make sure that software and control system device firmware is patched to current releases.\n * Periodically change passwords in control system components and infrastructure devices.\n * Where applicable, set the controller key-switch/mode-switch to RUN mode.\n\n\n\n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-6439", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-6439", "datePublished": "2013-01-24T21:00:00Z", "dateReserved": "2012-12-26T00:00:00Z", "dateUpdated": "2025-06-30T21:33:10.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6438 (GCVE-0-2012-6438)
Vulnerability from cvelistv5
Vendor | Product | Version
---|---|---
Rockwell Automation | 1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules | Version: All
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix L32E and L35E controllers", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1788-ENBT FLEXLogix adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1794-AENTR FLEX I/O EtherNet/IP adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix, CompactLogix, GuardLogix, and SoftLogix", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "18", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix and SoftLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "19", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix and GuardLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "MicroLogix", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "1100" }, { "status": "affected", "version": 
"1400" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Rub\u00e9n Santamarta of IOActive identified vulnerabilities in Rockwell Automation\u2019s ControlLogix PLC and released proof-of-concept (exploit) code at the Digital Bond S4 Conference on January 19, 2012." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the NIC to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/p\u003e\u003cp\u003eRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400\u0026nbsp;\u003cbr\u003e\u003c/p\u003e" } ], "value": "The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the NIC to crash. 
Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices.\n\n\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-30T21:47:52.993Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAccording to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected 
product. After the reboot, the affected product may require some reconfiguration.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell\u2019s Advisories at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information on security with Rockwell Automation products, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e.\u003c/p\u003e\u003cbr\u003e" } ], "value": "According to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\n\nTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. 
To download and install the patches please refer to Rockwell\u2019s Advisories at:\n\n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156 \n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "source": { "advisory": "ICSA-13-011-03", "discovery": "EXTERNAL" }, "title": "Rockwell Automation ControlLogix PLC Improper Input Validation", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eRockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities pertaining to receiving valid CIP packets:\u003c/p\u003e\u003col\u003e\u003cli\u003eBlock all traffic to the Ethernet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Ports 2222 and 44818 using appropriate security technology such as a firewall or Unified Threat Management (UTM).\u003c/li\u003e\u003cli\u003eEmploy a UTM appliance that specifically supports CIP message filtering.\u003c/li\u003e\u003c/ol\u003e\n\n\u003cp\u003eIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. 
Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\u003c/p\u003e\u003col\u003e\u003cli\u003eEmploy layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ab.com/networks/architectures.html\"\u003ehttp://www.ab.com/networks/architectures.html\u003c/a\u003e for comprehensive information about implementing validated architectures designed to deliver these measures.\u003c/li\u003e\u003cli\u003eRestrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\u003c/li\u003e\u003cli\u003eEmploy firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\u003c/li\u003e\u003cli\u003eUse up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\u003c/li\u003e\u003cli\u003eMake sure that software and control system device firmware is patched to current releases.\u003c/li\u003e\u003cli\u003ePeriodically change passwords in control system components and infrastructure devices.\u003c/li\u003e\u003cli\u003eWhere applicable, set the controller key-switch/mode-switch to RUN mode.\u003c/li\u003e\u003c/ol\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFor more information on security with Rockwell Automation products, please refer to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e" } ], 
"value": "Rockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\n\nTo mitigate the vulnerabilities pertaining to receiving valid CIP packets:\n\n * Block all traffic to the Ethernet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Ports 2222 and 44818 using appropriate security technology such as a firewall or Unified Threat Management (UTM).\n * Employ a UTM appliance that specifically supports CIP message filtering.\n\n\nIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\n\n * Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.\n * Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\n * Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. 
Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\n * Use up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\n * Make sure that software and control system device firmware is patched to current releases.\n * Periodically change passwords in control system components and infrastructure devices.\n * Where applicable, set the controller key-switch/mode-switch to RUN mode.\n\n\n\n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-6439", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-6438", "datePublished": "2013-01-24T21:00:00Z", "dateReserved": "2012-12-26T00:00:00Z", "dateUpdated": "2025-06-30T21:47:52.993Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6441 (GCVE-0-2012-6441)
Vulnerability from cvelistv5
Vendor | Product | Version
---|---|---
Rockwell Automation | 1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules | Version: All
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.792Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix L32E and L35E controllers", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1788-ENBT FLEXLogix adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1794-AENTR FLEX I/O EtherNet/IP adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix, CompactLogix, GuardLogix, and SoftLogix", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "18", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix and SoftLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "19", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix and GuardLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "MicroLogix", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "1100" }, { "status": "affected", "version": 
"1400" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "This vulnerability was discovered by Rockwell Automation engineers as they were investigating other vulnerabilities reported at the Digital Bond S4 2012 Conference." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/p\u003e\u003cp\u003eRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400\u0026nbsp;\u003cbr\u003e\u003c/p\u003e" } ], "value": "An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. 
Successful exploitation of this vulnerability could cause loss of confidentiality.\n\n\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-30T21:43:45.657Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAccording to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. 
After the reboot, the affected product may require some reconfiguration.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell\u2019s Advisories at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information on security with Rockwell Automation products, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e.\u003c/p\u003e\u003cbr\u003e" } ], "value": "According to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\n\nTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. 
To download and install the patches please refer to Rockwell\u2019s Advisories at:\n\n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156 \n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "source": { "advisory": "ICSA-13-011-03", "discovery": "INTERNAL" }, "title": "Rockwell Automation ControlLogix PLC Information Exposure", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eRockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities pertaining to receiving valid CIP packets:\u003c/p\u003e\u003col\u003e\u003cli\u003eBlock all traffic to the Ethernet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Ports 2222 and 44818 using appropriate security technology such as a firewall or Unified Threat Management (UTM).\u003c/li\u003e\u003cli\u003eEmploy a UTM appliance that specifically supports CIP message filtering.\u003c/li\u003e\u003c/ol\u003e\n\n\u003cp\u003eIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. 
Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\u003c/p\u003e\u003col\u003e\u003cli\u003eEmploy layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ab.com/networks/architectures.html\"\u003ehttp://www.ab.com/networks/architectures.html\u003c/a\u003e for comprehensive information about implementing validated architectures designed to deliver these measures.\u003c/li\u003e\u003cli\u003eRestrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\u003c/li\u003e\u003cli\u003eEmploy firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\u003c/li\u003e\u003cli\u003eUse up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\u003c/li\u003e\u003cli\u003eMake sure that software and control system device firmware is patched to current releases.\u003c/li\u003e\u003cli\u003ePeriodically change passwords in control system components and infrastructure devices.\u003c/li\u003e\u003cli\u003eWhere applicable, set the controller key-switch/mode-switch to RUN mode.\u003c/li\u003e\u003c/ol\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFor more information on security with Rockwell Automation products, please refer to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e" } ], 
"value": "Rockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\n\nTo mitigate the vulnerabilities pertaining to receiving valid CIP packets:\n\n * Block all traffic to the Ethernet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Ports 2222 and 44818 using appropriate security technology such as a firewall or Unified Threat Management (UTM).\n * Employ a UTM appliance that specifically supports CIP message filtering.\n\n\nIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\n\n * Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.\n * Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\n * Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. 
Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\n * Use up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\n * Make sure that software and control system device firmware is patched to current releases.\n * Periodically change passwords in control system components and infrastructure devices.\n * Where applicable, set the controller key-switch/mode-switch to RUN mode.\n\n\n\n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-6439", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-6441", "datePublished": "2013-01-24T21:00:00Z", "dateReserved": "2012-12-26T00:00:00Z", "dateUpdated": "2025-06-30T21:43:45.657Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6436 (GCVE-0-2012-6436)
Vulnerability from cvelistv5
Vendor | Product | Version
---|---|---
Rockwell Automation | 1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules | Version: All
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.998Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix L32E and L35E controllers", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1788-ENBT FLEXLogix adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1794-AENTR FLEX I/O EtherNet/IP adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix, CompactLogix, GuardLogix, and SoftLogix", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "18", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix and SoftLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "19", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix and GuardLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "MicroLogix", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "1100" }, { "status": "affected", "version": 
"1400" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Rub\u00e9n Santamarta of IOActive identified vulnerabilities in Rockwell Automation\u2019s ControlLogix PLC and released proof-of-concept (exploit) code at the Digital Bond S4 Conference on January 19, 2012." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/p\u003e\u003cp\u003eRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400\u0026nbsp;\u003cbr\u003e\u003c/p\u003e" } ], "value": "The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. 
Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices.\n\n\n\n\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-30T21:59:03.474Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAccording to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the 
affected product. After the reboot, the affected product may require some reconfiguration.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell\u2019s Advisories at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information on security with Rockwell Automation products, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e.\u003c/p\u003e\u003cbr\u003e" } ], "value": "According to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\n\nTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. 
To download and install the patches please refer to Rockwell\u2019s Advisories at:\n\n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156 \n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "source": { "advisory": "ICSA-13-011-03", "discovery": "EXTERNAL" }, "title": "Rockwell Automation ControlLogix PLC Improper Input Validation", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eRockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities pertaining to receiving valid CIP packets:\u003c/p\u003e\u003col\u003e\u003cli\u003eBlock all traffic to the Ethernet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Ports 2222 and 44818 using appropriate security technology such as a firewall or Unified Threat Management (UTM).\u003c/li\u003e\u003cli\u003eEmploy a UTM appliance that specifically supports CIP message filtering.\u003c/li\u003e\u003c/ol\u003e\n\n\u003cp\u003eIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. 
Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\u003c/p\u003e\u003col\u003e\u003cli\u003eEmploy layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ab.com/networks/architectures.html\"\u003ehttp://www.ab.com/networks/architectures.html\u003c/a\u003e for comprehensive information about implementing validated architectures designed to deliver these measures.\u003c/li\u003e\u003cli\u003eRestrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\u003c/li\u003e\u003cli\u003eEmploy firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\u003c/li\u003e\u003cli\u003eUse up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\u003c/li\u003e\u003cli\u003eMake sure that software and control system device firmware is patched to current releases.\u003c/li\u003e\u003cli\u003ePeriodically change passwords in control system components and infrastructure devices.\u003c/li\u003e\u003cli\u003eWhere applicable, set the controller key-switch/mode-switch to RUN mode.\u003c/li\u003e\u003c/ol\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFor more information on security with Rockwell Automation products, please refer to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e" } ], 
"value": "Rockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\n\nTo mitigate the vulnerabilities pertaining to receiving valid CIP packets:\n\n * Block all traffic to the Ethernet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Ports 2222 and 44818 using appropriate security technology such as a firewall or Unified Threat Management (UTM).\n * Employ a UTM appliance that specifically supports CIP message filtering.\n\n\nIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\n\n * Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.\n * Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\n * Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. 
Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\n * Use up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\n * Make sure that software and control system device firmware is patched to current releases.\n * Periodically change passwords in control system components and infrastructure devices.\n * Where applicable, set the controller key-switch/mode-switch to RUN mode.\n\n\n\n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-6439", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-6436", "datePublished": "2013-01-24T21:00:00Z", "dateReserved": "2012-12-26T00:00:00Z", "dateUpdated": "2025-06-30T21:59:03.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6440 (GCVE-0-2012-6440)
Vulnerability from cvelistv5
Vendor | Product | Version
---|---|---
Rockwell Automation | 1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules | Version: All
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.932Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix L32E and L35E controllers", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1788-ENBT FLEXLogix adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1794-AENTR FLEX I/O EtherNet/IP adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix, CompactLogix, GuardLogix, and SoftLogix", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "18", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix and SoftLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "19", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix and GuardLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "MicroLogix", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "1100" }, { "status": "affected", "version": 
"1400" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "This vulnerability was discovered by Rockwell Automation engineers as they were investigating other vulnerabilities reported at the Digital Bond S4 2012 Conference." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product\u2019s Web server to view and alter product configuration and diagnostics information.\u003c/span\u003e\n\n\u003c/p\u003e\u003cp\u003eRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400\u0026nbsp;\u003cbr\u003e\u003c/p\u003e" } ], "value": "The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. 
Successful exploitation of this vulnerability will allow unauthorized access of the product\u2019s Web server to view and alter product configuration and diagnostics information.\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-30T22:03:01.214Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAccording to Rockwell, any of the above products that become affected by a vulnerability can be reset 
by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell\u2019s Advisories at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information on security with Rockwell Automation products, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e.\u003c/p\u003e" } ], "value": "According to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\n\nTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. 
To download and install the patches please refer to Rockwell\u2019s Advisories at:\n\n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156 \n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "source": { "advisory": "ICSA-13-011-03", "discovery": "INTERNAL" }, "title": "Rockwell Automation ControlLogix PLC Improper Input Validation", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eRockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eTo mitigate the vulnerability with the Web server password authentication mechanism:\u003c/p\u003e\u003col\u003e\u003cli\u003eUpgrade the MicroLogix 1400 firmware to FRN 12 or higher.\u003c/li\u003e\u003cli\u003eBecause of limitations in the MicroLogix 1100 platform, none of the firmware updates will be able to fix this issue, so users should use the following techniques to help reduce the likelihood of compromise.\u003c/li\u003e\u003cli\u003eWhere possible, disable the Web server and change all default Administrator and Guest passwords.\u003c/li\u003e\u003cli\u003eIf Web server functionality is needed, then Rockwell recommends upgrading the product\u2019s firmware to the most current version to have the newest enhanced protections available such as:\u003col\u003e\u003cli\u003eWhen a controller receives two consecutive invalid authentication requests from an HTTP client, the controller resets the Authentication Counter after 60 
minutes.\u003c/li\u003e\u003cli\u003eWhen a controller receives 10 invalid authentication requests from any HTTP client, it will not accept any valid or invalid authentication packets until a 24-hour HTTP Server Lock Timer timeout.\u003c/li\u003e\u003c/ol\u003e\u003c/li\u003e\u003cli\u003eIf Web server functionality is needed, Rockwell also recommends configuring user accounts to have READ only access to the product so those accounts cannot be used to make configuration change\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\u003c/p\u003e\u003col\u003e\u003cli\u003eEmploy layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ab.com/networks/architectures.html\"\u003ehttp://www.ab.com/networks/architectures.html\u003c/a\u003e for comprehensive information about implementing validated architectures designed to deliver these measures.\u003c/li\u003e\u003cli\u003eRestrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\u003c/li\u003e\u003cli\u003eEmploy firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. 
Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\u003c/li\u003e\u003cli\u003eUse up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\u003c/li\u003e\u003cli\u003eMake sure that software and control system device firmware is patched to current releases.\u003c/li\u003e\u003cli\u003ePeriodically change passwords in control system components and infrastructure devices.\u003c/li\u003e\u003cli\u003eWhere applicable, set the controller key-switch/mode-switch to RUN mode.\u003c/li\u003e\u003c/ol\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFor more information on security with Rockwell Automation products, please refer to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e" } ], "value": "Rockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\n\n\n\n\n\nTo mitigate the vulnerability with the Web server password authentication mechanism:\n\n * Upgrade the MicroLogix 1400 firmware to FRN 12 or higher.\n * Because of limitations in the MicroLogix 1100 platform, none of the firmware updates will be able to fix this issue, so users should use the following techniques to help reduce the likelihood of compromise.\n * Where possible, disable the Web server and change all default Administrator and Guest passwords.\n * If Web server functionality is needed, then Rockwell recommends upgrading the product\u2019s firmware to the most current version to have the newest enhanced protections available such as: * When a controller receives two 
consecutive invalid authentication requests from an HTTP client, the controller resets the Authentication Counter after 60 minutes.\n * When a controller receives 10 invalid authentication requests from any HTTP client, it will not accept any valid or invalid authentication packets until a 24-hour HTTP Server Lock Timer timeout.\n\n * If Web server functionality is needed, Rockwell also recommends configuring user accounts to have READ only access to the product so those accounts cannot be used to make configuration change\nIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\n\n * Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.\n * Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\n * Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. 
Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\n * Use up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\n * Make sure that software and control system device firmware is patched to current releases.\n * Periodically change passwords in control system components and infrastructure devices.\n * Where applicable, set the controller key-switch/mode-switch to RUN mode.\n\n\n\n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-6439", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-6440", "datePublished": "2013-01-24T21:00:00Z", "dateReserved": "2012-12-26T00:00:00Z", "dateUpdated": "2025-06-30T22:03:01.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6442 (GCVE-0-2012-6442)
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Rockwell Automation | 1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules | All |

(Only the first affected entry is shown in this table; the complete list of affected products and versions is in the `affected` array of the record below.)
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.797Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix L32E and L35E controllers", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1788-ENBT FLEXLogix adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1794-AENTR FLEX I/O EtherNet/IP adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix, CompactLogix, GuardLogix, and SoftLogix", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "18", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix and SoftLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "19", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix and GuardLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "MicroLogix", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "1100" }, { "status": "affected", "version": 
"1400" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Rub\u00e9n Santamarta of IOActive identified vulnerabilities in Rockwell Automation\u2019s ControlLogix PLC and released proof-of-concept (exploit) code at the Digital Bond S4 Conference on January 19, 2012." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. This situation could cause loss of availability and a disruption of communication with other connected devices.\u003c/span\u003e\n\n\u003c/p\u003e\u003cp\u003eRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400\u0026nbsp;\u003cbr\u003e\u003c/p\u003e" } ], "value": "When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. 
This situation could cause loss of availability and a disruption of communication with other connected devices.\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400" } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-30T21:35:27.283Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155" }, { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156" }, { "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAccording to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. 
After the reboot, the affected product may require some reconfiguration.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell\u2019s Advisories at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information on security with Rockwell Automation products, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e.\u003c/p\u003e\u003cbr\u003e" } ], "value": "According to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\n\nTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. 
To download and install the patches please refer to Rockwell\u2019s Advisories at:\n\n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156 \n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "source": { "advisory": "ICSA-13-011-03", "discovery": "EXTERNAL" }, "title": "Rockwell Automation ControlLogix PLC Improper Access Control", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eRockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities pertaining to receiving valid CIP packets:\u003c/p\u003e\u003col\u003e\u003cli\u003eBlock all traffic to the Ethernet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Ports 2222 and 44818 using appropriate security technology such as a firewall or Unified Threat Management (UTM).\u003c/li\u003e\u003cli\u003eEmploy a UTM appliance that specifically supports CIP message filtering.\u003c/li\u003e\u003c/ol\u003e\n\n\u003cp\u003eIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. 
Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\u003c/p\u003e\u003col\u003e\u003cli\u003eEmploy layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ab.com/networks/architectures.html\"\u003ehttp://www.ab.com/networks/architectures.html\u003c/a\u003e for comprehensive information about implementing validated architectures designed to deliver these measures.\u003c/li\u003e\u003cli\u003eRestrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\u003c/li\u003e\u003cli\u003eEmploy firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\u003c/li\u003e\u003cli\u003eUse up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\u003c/li\u003e\u003cli\u003eMake sure that software and control system device firmware is patched to current releases.\u003c/li\u003e\u003cli\u003ePeriodically change passwords in control system components and infrastructure devices.\u003c/li\u003e\u003cli\u003eWhere applicable, set the controller key-switch/mode-switch to RUN mode.\u003c/li\u003e\u003c/ol\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFor more information on security with Rockwell Automation products, please refer to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e" } ], 
"value": "Rockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\n\nTo mitigate the vulnerabilities pertaining to receiving valid CIP packets:\n\n * Block all traffic to the Ethernet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Ports 2222 and 44818 using appropriate security technology such as a firewall or Unified Threat Management (UTM).\n * Employ a UTM appliance that specifically supports CIP message filtering.\n\n\nIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\n\n * Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.\n * Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\n * Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. 
Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\n * Use up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\n * Make sure that software and control system device firmware is patched to current releases.\n * Periodically change passwords in control system components and infrastructure devices.\n * Where applicable, set the controller key-switch/mode-switch to RUN mode.\n\n\n\n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-6439", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-6442", "datePublished": "2013-01-24T21:00:00Z", "dateReserved": "2012-12-26T00:00:00Z", "dateUpdated": "2025-06-30T21:35:27.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-201301-0157
Vulnerability from variot
The web-server password-authentication functionality in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows man-in-the-middle attackers to conduct replay attacks via HTTP traffic. The web server password authentication function in multiple Rockwell Automation products contains a vulnerability that allows replay attacks to be performed. A man-in-the-middle attacker can perform replay attacks via HTTP traffic. Rockwell Automation MicroLogix is a programmable controller platform. The following Rockwell products are affected by this vulnerability: all EtherNet/IP products that comply with the CIP and EtherNet/IP specifications. Attackers can exploit this vulnerability to bypass certain security restrictions and perform unauthorized actions, which may aid in further attacks.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201301-0157", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flexlogix 1788-enbt adapter", "scope": "eq", "trust": 1.6, "vendor": "rockwellautomation", "version": null }, { "model": "1794-aentr flex i\\/o ethernet\\/ip adapter", "scope": "eq", "trust": 1.6, "vendor": "rockwellautomation", "version": null }, { "model": 
"compactlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1400" }, { "model": "guardlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "20" }, { "model": "1768-enbt", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "compactlogix l32e controller", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "softlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix l35e controller", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1768-eweb", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "softlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "20" }, { "model": "guardlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1100" }, { "model": "1756-eweb", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1756-enbt", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1756-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1756-eweb", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": 
"1768-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1768-eweb", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix l32e controller", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix l35e controller", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "compactlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "19" }, { "model": "controllogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "controllogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "20" }, { "model": "flex i/o ethernet/ip adapter 1794-aentr", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "flexlogix 1788-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "guardlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "guardlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "20" }, { "model": "micrologix", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "1100" }, { "model": "micrologix", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "1400" }, { "model": "softlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "softlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "19" }, { "model": "automation controllogix", "scope": null, "trust": 0.6, "vendor": "rockwell", "version": null }, { "model": "automation 
micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "1100" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "1400" }, { "model": "guardlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "20" }, { "model": "micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "1100" }, { "model": "softlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "guardlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "controllogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "20" }, { "model": "compactlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "19" }, { "model": "micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "1400" }, { "model": "softlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "19" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "micrologix", "version": "*" }, { "model": "automation softlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "19" }, { "model": "automation softlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "14000" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "11000" }, { "model": "automation guardlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "20" }, { "model": "automation guardlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation compactlogix l35e", "scope": null, "trust": 0.3, "vendor": "rockwell", "version": null }, { "model": "automation compactlogix l32e", "scope": null, "trust": 0.3, 
"vendor": "rockwell", "version": null }, { "model": "automation compactlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "19" }, { "model": "automation compactlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation 1794-aentr", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1788-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1768-eweb", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1768-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1756-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1756-en2t series b", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "controllogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "guardlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1756 enbt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1756 eweb", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1768 enbt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1768 eweb", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1794 aentr flex i o ethernet ip adapter", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix l32e controller", "version": null }, { "model": null, "scope": "eq", 
"trust": 0.2, "vendor": "compactlogix l35e controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "controllogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "flexlogix 1788 enbt adapter", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "guardlogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softlogix", "version": "*" } ], "sources": [ { "db": "IVD", "id": "207536e4-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00292" }, { "db": "BID", "id": "57315" }, { "db": "JVNDB", "id": "JVNDB-2013-001268" }, { "db": "CNNVD", "id": "CNNVD-201301-461" }, { "db": "NVD", "id": "CVE-2012-6440" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:rockwellautomation:1756-enbt", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1756-eweb", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1768-enbt", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1768-eweb", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:compactlogix_l32e_controller", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:compactlogix_l35e_controller", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:compactlogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:controllogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1794-aentr_flex_i%2Fo_ethernet%2Fip_adapter", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:flexlogix_1788-enbt_adapter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:guardlogix_controllers", "vulnerable": true 
}, { "cpe22Uri": "cpe:/a:rockwellautomation:micrologix", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:softlogix_controllers", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001268" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation engineers", "sources": [ { "db": "BID", "id": "57315" }, { "db": "CNNVD", "id": "CNNVD-201301-461" } ], "trust": 0.9 }, "cve": "CVE-2012-6440", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2012-6440", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "207536e4-2353-11e6-abef-000c29c66e3d", "impactScore": 10.0, 
"integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-59721", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-6440", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-6440", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201301-461", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "207536e4-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-59721", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "207536e4-2353-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-59721" }, { "db": "JVNDB", "id": "JVNDB-2013-001268" }, { "db": "CNNVD", "id": "CNNVD-201301-461" }, { "db": "NVD", "id": "CVE-2012-6440" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The web-server password-authentication functionality in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 
1100 and 1400 allows man-in-the-middle attackers to conduct replay attacks via HTTP traffic. The web-server password-authentication function in multiple Rockwell Automation products contains a vulnerability that allows replay attacks to be performed. A man-in-the-middle attacker can perform replay attacks via HTTP traffic. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell\u0027s products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications. \nAttackers can exploit this vulnerability to bypass certain security restrictions and perform unauthorized actions, which may aid in further attacks", "sources": [ { "db": "NVD", "id": "CVE-2012-6440" }, { "db": "JVNDB", "id": "JVNDB-2013-001268" }, { "db": "CNVD", "id": "CNVD-2013-00292" }, { "db": "BID", "id": "57315" }, { "db": "IVD", "id": "207536e4-2353-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-59721" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-6440", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-13-011-03", "trust": 3.4 }, { "db": "BID", "id": "57315", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201301-461", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2013-00292", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2013-001268", "trust": 0.8 }, { "db": "IVD", "id": "207536E4-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-59721", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "207536e4-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00292" }, { "db": "VULHUB", "id": "VHN-59721" }, { "db": "BID", "id": "57315" }, { "db": "JVNDB", "id": "JVNDB-2013-001268" }, { "db": "CNNVD", "id": "CNNVD-201301-461" }, { 
"db": "NVD", "id": "CVE-2012-6440" } ] }, "id": "VAR-201301-0157", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "207536e4-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00292" }, { "db": "VULHUB", "id": "VHN-59721" } ], "trust": 1.60856114 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "207536e4-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00292" } ] }, "last_update_date": "2024-11-23T21:55:39.671000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.rockwellautomation.com/" }, { "title": "Partner", "trust": 0.8, "url": "http://jp.rockwellautomation.com/applications/gs/ap/gsjp.nsf/pages/partner" }, { "title": "Top Page", "trust": 0.8, "url": "http://jp.rockwellautomation.com/" }, { "title": "Patch for Rockwell Automation ControlLogix Replay Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/29251" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00292" }, { "db": "JVNDB", "id": "JVNDB-2013-001268" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": 
"VHN-59721" }, { "db": "JVNDB", "id": "JVNDB-2013-001268" }, { "db": "NVD", "id": "CVE-2012-6440" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-011-03.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6440" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6440" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/57315" }, { "trust": 0.3, "url": "http://www.rockwellautomation.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00292" }, { "db": "VULHUB", "id": "VHN-59721" }, { "db": "BID", "id": "57315" }, { "db": "JVNDB", "id": "JVNDB-2013-001268" }, { "db": "CNNVD", "id": "CNNVD-201301-461" }, { "db": "NVD", "id": "CVE-2012-6440" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "207536e4-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00292" }, { "db": "VULHUB", "id": "VHN-59721" }, { "db": "BID", "id": "57315" }, { "db": "JVNDB", "id": "JVNDB-2013-001268" }, { "db": "CNNVD", "id": "CNNVD-201301-461" }, { "db": "NVD", "id": "CVE-2012-6440" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-01-17T00:00:00", "db": "IVD", "id": "207536e4-2353-11e6-abef-000c29c66e3d" }, { "date": "2013-01-17T00:00:00", "db": "CNVD", "id": "CNVD-2013-00292" }, { "date": "2013-01-24T00:00:00", "db": "VULHUB", "id": "VHN-59721" }, { "date": "2013-01-11T00:00:00", "db": "BID", "id": "57315" }, { "date": "2013-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001268" }, { "date": 
"2013-01-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-461" }, { "date": "2013-01-24T21:55:01.697000", "db": "NVD", "id": "CVE-2012-6440" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2013-00292" }, { "date": "2013-01-25T00:00:00", "db": "VULHUB", "id": "VHN-59721" }, { "date": "2013-01-11T00:00:00", "db": "BID", "id": "57315" }, { "date": "2013-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001268" }, { "date": "2013-01-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-461" }, { "date": "2024-11-21T01:46:07.900000", "db": "NVD", "id": "CVE-2012-6440" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-461" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation ControlLogix Replay Vulnerability", "sources": [ { "db": "IVD", "id": "207536e4-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00292" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-461" } ], "trust": 0.6 } }
var-201301-0164
Vulnerability from variot
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a logic-execution stop and fault. Multiple Rockwell Automation products contain a vulnerability that results in a denial of service (control and communication outage). A third party may cause a denial of service (control and communication outage) via a CIP message that stops logic execution and causes a fault. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications. An attacker can exploit these issues to crash the affected application, denying service to legitimate users. Specially crafted CIP packets sent to ports 2222/TCP, 2222/UDP, 44818/TCP, and 44818/UDP can cause a buffer overflow, causing the NIC to deny service. Note: the buffer-overflow sentence describes a different mechanism from the stop-and-fault CIP message in the first sentence, so this aggregated text appears to mix more than one issue; confirm which applies against ICS-CERT advisory ICSA-13-011-03.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201301-0164", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flexlogix 1788-enbt adapter", "scope": "eq", "trust": 1.6, "vendor": "rockwellautomation", "version": null }, { "model": "compactlogix l32e controller", "scope": "eq", "trust": 1.6, "vendor": "rockwellautomation", "version": null }, { "model": "1794-aentr 
flex i\\/o ethernet\\/ip adapter", "scope": "eq", "trust": 1.6, "vendor": "rockwellautomation", "version": null }, { "model": "compactlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1400" }, { "model": "guardlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "20" }, { "model": "1768-enbt", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "softlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix l35e controller", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1768-eweb", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "softlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "20" }, { "model": "guardlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1100" }, { "model": "1756-eweb", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1756-enbt", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1756-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1756-eweb", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": 
"1768-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1768-eweb", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix l32e controller", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix l35e controller", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "compactlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "19" }, { "model": "controllogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "controllogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "20" }, { "model": "flex i/o ethernet/ip adapter 1794-aentr", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "flexlogix 1788-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "guardlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "guardlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "20" }, { "model": "micrologix", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "1100" }, { "model": "micrologix", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "1400" }, { "model": "softlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "softlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "19" }, { "model": "automation controllogix", "scope": null, "trust": 0.6, "vendor": "rockwell", "version": null }, { "model": "automation 
micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "1100" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "1400" }, { "model": "compactlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "controllogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "softlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "guardlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "controllogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "20" }, { "model": "compactlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "19" }, { "model": "softlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "19" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "micrologix", "version": "*" }, { "model": "automation softlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "19" }, { "model": "automation softlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "14000" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "11000" }, { "model": "automation guardlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "20" }, { "model": "automation guardlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation controllogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "20" }, { "model": "automation controllogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation compactlogix l35e", "scope": null, "trust": 0.3, "vendor": 
"rockwell", "version": null }, { "model": "automation compactlogix l32e", "scope": null, "trust": 0.3, "vendor": "rockwell", "version": null }, { "model": "automation compactlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "19" }, { "model": "automation compactlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation 1794-aentr", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1788-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1768-eweb", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1768-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1756-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1756-en2t series b", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation controllogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "controllogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "guardlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1756 enbt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1756 eweb", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1768 enbt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1768 eweb", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1794 aentr flex i o ethernet ip adapter", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix", "version": "*" }, { "model": null, "scope": "eq", 
"trust": 0.2, "vendor": "compactlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix l32e controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix l35e controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "controllogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "flexlogix 1788 enbt adapter", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "guardlogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softlogix", "version": "*" } ], "sources": [ { "db": "IVD", "id": "204c10ca-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00287" }, { "db": "BID", "id": "57306" }, { "db": "JVNDB", "id": "JVNDB-2013-001263" }, { "db": "CNNVD", "id": "CNNVD-201301-261" }, { "db": "NVD", "id": "CVE-2012-6435" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:rockwellautomation:1756-enbt", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1756-eweb", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1768-enbt", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1768-eweb", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:compactlogix_l32e_controller", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:compactlogix_l35e_controller", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:compactlogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:controllogix_controllers", "vulnerable": true }, { "cpe22Uri": 
"cpe:/h:rockwellautomation:1794-aentr_flex_i%2Fo_ethernet%2Fip_adapter", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:flexlogix_1788-enbt_adapter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:guardlogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:micrologix", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:softlogix_controllers", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001263" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rub??n Santamarta", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-261" } ], "trust": 0.6 }, "cve": "CVE-2012-6435", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2012-6435", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", 
"author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "204c10ca-2353-11e6-abef-000c29c66e3d", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-59716", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-6435", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-6435", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201301-261", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "204c10ca-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-59716", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "204c10ca-2353-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-59716" }, { "db": "JVNDB", "id": "JVNDB-2013-001263" }, { "db": "CNNVD", "id": "CNNVD-201301-261" }, { "db": "NVD", "id": "CVE-2012-6435" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix 
controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a logic-execution stop and fault. plural Rockwell Automation Product has a service disruption ( Stop control and communication ) There is a vulnerability that becomes a condition.Stops logic execution and causes failure by a third party CIP Service disruption via message ( Stop control and communication ) There is a possibility of being put into a state. Rockwell Automation MicroLogix is a programmable controller platform. attack. Rockwell\u0027s products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications. \nAn attacker can exploit these issues to crash the affected application, denying service to legitimate users. When sending specially crafted CIP packets to ports 2222/TCP, Port 2222/UDP, Port 44818/TCP, and Port 44818/UDP, this vulnerability can cause buffer overflow , causing the NIC to deny service", "sources": [ { "db": "NVD", "id": "CVE-2012-6435" }, { "db": "JVNDB", "id": "JVNDB-2013-001263" }, { "db": "CNVD", "id": "CNVD-2013-00287" }, { "db": "BID", "id": "57306" }, { "db": "IVD", "id": "204c10ca-2353-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-59716" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-6435", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-13-011-03", "trust": 3.4 }, { "db": "BID", "id": "57306", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201301-261", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2013-00287", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2013-001263", "trust": 
0.8 }, { "db": "IVD", "id": "204C10CA-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-59716", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "204c10ca-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00287" }, { "db": "VULHUB", "id": "VHN-59716" }, { "db": "BID", "id": "57306" }, { "db": "JVNDB", "id": "JVNDB-2013-001263" }, { "db": "CNNVD", "id": "CNNVD-201301-261" }, { "db": "NVD", "id": "CVE-2012-6435" } ] }, "id": "VAR-201301-0164", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "204c10ca-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00287" }, { "db": "VULHUB", "id": "VHN-59716" } ], "trust": 1.60856114 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "204c10ca-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00287" } ] }, "last_update_date": "2024-11-23T21:55:39.548000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.rockwellautomation.com/" }, { "title": "Partner", "trust": 0.8, "url": "http://jp.rockwellautomation.com/applications/gs/ap/gsjp.nsf/pages/partner" }, { "title": "Top Page", "trust": 0.8, "url": "http://jp.rockwellautomation.com/" }, { "title": "Patch for Rockwell Automation ControlLogix Remote Denial of Service Vulnerability (CNVD-2013-00287)", "trust": 0.6, "url": 
"https://www.cnvd.org.cn/patchInfo/show/29191" }, { "title": "1768-ENBT_4.004.006", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45390" }, { "title": "1756-EWEB_4.016", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45389" }, { "title": "1756-ENBT_6.006", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45388" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00287" }, { "db": "JVNDB", "id": "JVNDB-2013-001263" }, { "db": "CNNVD", "id": "CNNVD-201301-261" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-59716" }, { "db": "JVNDB", "id": "JVNDB-2013-001263" }, { "db": "NVD", "id": "CVE-2012-6435" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-011-03.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6435" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6435" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/57306" }, { "trust": 0.3, "url": "http://www.rockwellautomation.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00287" }, { "db": "VULHUB", "id": "VHN-59716" }, { "db": "BID", "id": "57306" }, { "db": "JVNDB", "id": "JVNDB-2013-001263" }, { "db": "CNNVD", "id": "CNNVD-201301-261" }, { "db": "NVD", "id": "CVE-2012-6435" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": 
"204c10ca-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00287" }, { "db": "VULHUB", "id": "VHN-59716" }, { "db": "BID", "id": "57306" }, { "db": "JVNDB", "id": "JVNDB-2013-001263" }, { "db": "CNNVD", "id": "CNNVD-201301-261" }, { "db": "NVD", "id": "CVE-2012-6435" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-01-17T00:00:00", "db": "IVD", "id": "204c10ca-2353-11e6-abef-000c29c66e3d" }, { "date": "2013-01-17T00:00:00", "db": "CNVD", "id": "CNVD-2013-00287" }, { "date": "2013-01-24T00:00:00", "db": "VULHUB", "id": "VHN-59716" }, { "date": "2013-01-11T00:00:00", "db": "BID", "id": "57306" }, { "date": "2013-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001263" }, { "date": "2013-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-261" }, { "date": "2013-01-24T21:55:01.430000", "db": "NVD", "id": "CVE-2012-6435" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-01-17T00:00:00", "db": "CNVD", "id": "CNVD-2013-00287" }, { "date": "2013-01-25T00:00:00", "db": "VULHUB", "id": "VHN-59716" }, { "date": "2013-01-11T00:00:00", "db": "BID", "id": "57306" }, { "date": "2013-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001263" }, { "date": "2013-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-261" }, { "date": "2024-11-21T01:46:07.287000", "db": "NVD", "id": "CVE-2012-6435" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-261" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Rockwell Automation Service disruption in products ( Stop control and communication ) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001263" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource management error", "sources": [ { "db": "IVD", "id": "204c10ca-2353-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201301-261" } ], "trust": 0.8 } }
var-201301-0156
Vulnerability from variot
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters. Rockwell Automation MicroLogix is a programmable controller platform. The affected Rockwell products are all EtherNet/IP products that comply with the CIP and EtherNet/IP specifications. An attacker can exploit these issues to crash the affected application, denying service to legitimate users. The record below lists ICS-CERT advisory ICSA-13-011-03 among its references.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201301-0156", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "compactlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1400" }, { "model": "guardlogix controllers", "scope": "lte", 
"trust": 1.0, "vendor": "rockwellautomation", "version": "20" }, { "model": "1768-enbt", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "compactlogix l32e controller", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "flexlogix 1788-enbt adapter", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "softlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix l35e controller", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1768-eweb", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "softlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "20" }, { "model": "1794-aentr flex i\\/o ethernet\\/ip adapter", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "guardlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1100" }, { "model": "1756-eweb", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1756-enbt", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1756-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1756-eweb", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": 
"1768-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1768-eweb", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix l32e controller", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix l35e controller", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "compactlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "19" }, { "model": "controllogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "controllogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "20" }, { "model": "flex i/o ethernet/ip adapter 1794-aentr", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "flexlogix 1788-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "guardlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "guardlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "20" }, { "model": "micrologix", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "1100" }, { "model": "micrologix", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "1400" }, { "model": "softlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "softlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "19" }, { "model": "automation controllogix", "scope": null, "trust": 0.6, "vendor": "rockwell", "version": null }, { "model": "automation 
micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "1100" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "1400" }, { "model": "guardlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "20" }, { "model": "compactlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "controllogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "1100" }, { "model": "softlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "guardlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "19" }, { "model": "micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "1400" }, { "model": "softlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "20" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "micrologix", "version": "*" }, { "model": "automation softlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "19" }, { "model": "automation softlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "14000" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "11000" }, { "model": "automation guardlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "20" }, { "model": "automation guardlogix", "scope": "eq", "trust": 0.3, "vendor": 
"rockwell", "version": "18" }, { "model": "automation controllogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "20" }, { "model": "automation controllogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation compactlogix l35e", "scope": null, "trust": 0.3, "vendor": "rockwell", "version": null }, { "model": "automation compactlogix l32e", "scope": null, "trust": 0.3, "vendor": "rockwell", "version": null }, { "model": "automation compactlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "19" }, { "model": "automation compactlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation 1794-aentr", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1788-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1768-eweb", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1768-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1756-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1756-en2t series b", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation controllogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "controllogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "guardlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1756 enbt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1756 eweb", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1768 enbt", "version": null }, { 
"model": null, "scope": "eq", "trust": 0.2, "vendor": "1768 eweb", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1794 aentr flex i o ethernet ip adapter", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix l32e controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix l35e controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "controllogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "flexlogix 1788 enbt adapter", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "guardlogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softlogix", "version": "*" } ], "sources": [ { "db": "IVD", "id": "20806212-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00291" }, { "db": "BID", "id": "57308" }, { "db": "JVNDB", "id": "JVNDB-2013-001267" }, { "db": "CNNVD", "id": "CNNVD-201301-260" }, { "db": "NVD", "id": "CVE-2012-6439" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:rockwellautomation:1756-enbt", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1756-eweb", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1768-enbt", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1768-eweb", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:compactlogix_l32e_controller", "vulnerable": true }, { "cpe22Uri": 
"cpe:/h:rockwellautomation:compactlogix_l35e_controller", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:compactlogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:controllogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1794-aentr_flex_i%2Fo_ethernet%2Fip_adapter", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:flexlogix_1788-enbt_adapter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:guardlogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:micrologix", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:softlogix_controllers", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001267" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rub??n Santamarta", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-260" } ], "trust": 0.6 }, "cve": "CVE-2012-6439", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", 
"exploitabilityScore": 10.0, "id": "CVE-2012-6439", "impactScore": 7.8, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "20806212-2353-11e6-abef-000c29c66e3d", "impactScore": 7.8, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-59720", "impactScore": 7.8, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-6439", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-6439", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201301-260", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "20806212-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-59720", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "20806212-2353-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-59720" }, { "db": "JVNDB", "id": "JVNDB-2013-001267" }, { "db": "CNNVD", "id": "CNNVD-201301-260" }, { "db": "NVD", "id": "CVE-2012-6439" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB 
communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell\u0027s products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications. \nAn attacker can exploit these issues to crash the affected application, denying service to legitimate users", "sources": [ { "db": "NVD", "id": "CVE-2012-6439" }, { "db": "JVNDB", "id": "JVNDB-2013-001267" }, { "db": "CNVD", "id": "CNVD-2013-00291" }, { "db": "BID", "id": "57308" }, { "db": "IVD", "id": "20806212-2353-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-59720" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-6439", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-13-011-03", "trust": 3.4 }, { "db": "BID", "id": "57308", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201301-260", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2013-00291", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2013-001267", "trust": 0.8 }, { "db": "IVD", "id": "20806212-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-59720", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "20806212-2353-11e6-abef-000c29c66e3d" }, 
{ "db": "CNVD", "id": "CNVD-2013-00291" }, { "db": "VULHUB", "id": "VHN-59720" }, { "db": "BID", "id": "57308" }, { "db": "JVNDB", "id": "JVNDB-2013-001267" }, { "db": "CNNVD", "id": "CNNVD-201301-260" }, { "db": "NVD", "id": "CVE-2012-6439" } ] }, "id": "VAR-201301-0156", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "20806212-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00291" }, { "db": "VULHUB", "id": "VHN-59720" } ], "trust": 1.60856114 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "20806212-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00291" } ] }, "last_update_date": "2024-11-23T21:55:39.866000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.rockwellautomation.com/" }, { "title": "Partner", "trust": 0.8, "url": "http://jp.rockwellautomation.com/applications/gs/ap/gsjp.nsf/pages/partner" }, { "title": "Top Page", "trust": 0.8, "url": "http://jp.rockwellautomation.com/" }, { "title": "Patch for Rockwell Automation ControlLogix Remote Denial of Service Vulnerability (CNVD-2013-00291)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/29233" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00291" }, { "db": "JVNDB", "id": "JVNDB-2013-001267" } ] }, "problemtype_data": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001267" }, { "db": "NVD", "id": "CVE-2012-6439" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-011-03.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6439" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6439" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/57308" }, { "trust": 0.3, "url": "http://www.rockwellautomation.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00291" }, { "db": "VULHUB", "id": "VHN-59720" }, { "db": "BID", "id": "57308" }, { "db": "JVNDB", "id": "JVNDB-2013-001267" }, { "db": "CNNVD", "id": "CNNVD-201301-260" }, { "db": "NVD", "id": "CVE-2012-6439" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "20806212-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00291" }, { "db": "VULHUB", "id": "VHN-59720" }, { "db": "BID", "id": "57308" }, { "db": "JVNDB", "id": "JVNDB-2013-001267" }, { "db": "CNNVD", "id": "CNNVD-201301-260" }, { "db": "NVD", "id": "CVE-2012-6439" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-01-17T00:00:00", "db": "IVD", "id": "20806212-2353-11e6-abef-000c29c66e3d" }, { "date": "2013-01-17T00:00:00", "db": "CNVD", 
"id": "CNVD-2013-00291" }, { "date": "2013-01-24T00:00:00", "db": "VULHUB", "id": "VHN-59720" }, { "date": "2013-01-11T00:00:00", "db": "BID", "id": "57308" }, { "date": "2013-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001267" }, { "date": "2013-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-260" }, { "date": "2013-01-24T21:55:01.650000", "db": "NVD", "id": "CVE-2012-6439" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-05-28T00:00:00", "db": "CNVD", "id": "CNVD-2013-00291" }, { "date": "2013-01-25T00:00:00", "db": "VULHUB", "id": "VHN-59720" }, { "date": "2013-01-11T00:00:00", "db": "BID", "id": "57308" }, { "date": "2013-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001267" }, { "date": "2013-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-260" }, { "date": "2024-11-21T01:46:07.773000", "db": "NVD", "id": "CVE-2012-6439" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-260" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Rockwell Automation Service disruption in products ( Stop control and communication ) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001267" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "57308" } ], "trust": 0.3 } }
var-201301-0154
Vulnerability from variot
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image. Rockwell Automation MicroLogix is a programmable controller platform. The device does not correctly authenticate the user, so a remote user can upload a new firmware image to the Ethernet card, and the device does not check whether that image is legitimate or corrupt; an attacker can exploit the vulnerability to gain control of the device or crash it. Affected Rockwell products: all EtherNet/IP products that comply with the CIP and EtherNet/IP specifications.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201301-0154", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "1756-enbt", "scope": "eq", "trust": 1.6, "vendor": "rockwellautomation", "version": null }, { "model": "flexlogix 1788-enbt adapter", "scope": "eq", "trust": 1.6, "vendor": "rockwellautomation", "version": null }, { "model": "1768-eweb", "scope": "eq", 
"trust": 1.6, "vendor": "rockwellautomation", "version": null }, { "model": "compactlogix l35e controller", "scope": "eq", "trust": 1.6, "vendor": "rockwellautomation", "version": null }, { "model": "compactlogix l32e controller", "scope": "eq", "trust": 1.6, "vendor": "rockwellautomation", "version": null }, { "model": "1794-aentr flex i\\/o ethernet\\/ip adapter", "scope": "eq", "trust": 1.6, "vendor": "rockwellautomation", "version": null }, { "model": "compactlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1400" }, { "model": "guardlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "20" }, { "model": "1768-enbt", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "softlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "softlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "20" }, { "model": "guardlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1100" }, { "model": "1756-eweb", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1756-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1756-eweb", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": 
"1768-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1768-eweb", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix l32e controller", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix l35e controller", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "compactlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "19" }, { "model": "controllogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "controllogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "20" }, { "model": "flex i/o ethernet/ip adapter 1794-aentr", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "flexlogix 1788-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "guardlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "guardlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "20" }, { "model": "micrologix", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "1100" }, { "model": "micrologix", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "1400" }, { "model": "softlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "softlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "19" }, { "model": "automation controllogix", "scope": null, "trust": 0.6, "vendor": "rockwell", "version": null }, { "model": "automation 
micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "1100" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "1400" }, { "model": "compactlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "controllogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "softlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "guardlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "micrologix", "version": "*" }, { "model": "automation softlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "19" }, { "model": "automation softlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "14000" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "11000" }, { "model": "automation guardlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "20" }, { "model": "automation guardlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation compactlogix l35e", "scope": null, "trust": 0.3, "vendor": "rockwell", "version": null }, { "model": "automation compactlogix l32e", "scope": null, "trust": 0.3, "vendor": "rockwell", "version": null }, { "model": "automation compactlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "19" }, { "model": "automation compactlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation 1794-aentr", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1788-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { 
"model": "automation 1768-eweb", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1768-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1756-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1756-en2t series b", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "controllogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "guardlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1756 enbt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1756 eweb", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1768 enbt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1768 eweb", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1794 aentr flex i o ethernet ip adapter", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix l32e controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix l35e controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "controllogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "flexlogix 1788 enbt adapter", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "guardlogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softlogix", "version": "*" } ], "sources": [ { "db": 
"IVD", "id": "20403e12-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00289" }, { "db": "BID", "id": "57317" }, { "db": "JVNDB", "id": "JVNDB-2013-001265" }, { "db": "CNNVD", "id": "CNNVD-201301-460" }, { "db": "NVD", "id": "CVE-2012-6437" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:rockwellautomation:1756-enbt", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1756-eweb", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1768-enbt", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1768-eweb", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:compactlogix_l32e_controller", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:compactlogix_l35e_controller", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:compactlogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:controllogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1794-aentr_flex_i%2Fo_ethernet%2Fip_adapter", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:flexlogix_1788-enbt_adapter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:guardlogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:micrologix", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:softlogix_controllers", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001265" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rub??n 
Santamarta", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-460" } ], "trust": 0.6 }, "cve": "CVE-2012-6437", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2012-6437", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "20403e12-2353-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-59718", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", 
"version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-6437", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-6437", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201301-460", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "20403e12-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-59718", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "20403e12-2353-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-59718" }, { "db": "JVNDB", "id": "JVNDB-2013-001265" }, { "db": "CNNVD", "id": "CNNVD-201301-460" }, { "db": "NVD", "id": "CVE-2012-6437" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image. Rockwell Automation MicroLogix is a programmable controller platform. The device incorrectly authenticates the user, allows the remote user to upload a new firmware image onto the Ethernet card, and does not check whether the firmware image is legitimate or corrupt, allowing an attacker to exploit the vulnerability to gain control of the device or crash the device. 
Rockwell\u0027s products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications", "sources": [ { "db": "NVD", "id": "CVE-2012-6437" }, { "db": "JVNDB", "id": "JVNDB-2013-001265" }, { "db": "CNVD", "id": "CNVD-2013-00289" }, { "db": "BID", "id": "57317" }, { "db": "IVD", "id": "20403e12-2353-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-59718" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-6437", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-13-011-03", "trust": 3.4 }, { "db": "BID", "id": "57317", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201301-460", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2013-00289", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2013-001265", "trust": 0.8 }, { "db": "IVD", "id": "20403E12-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-89568", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-59718", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "20403e12-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00289" }, { "db": "VULHUB", "id": "VHN-59718" }, { "db": "BID", "id": "57317" }, { "db": "JVNDB", "id": "JVNDB-2013-001265" }, { "db": "CNNVD", "id": "CNNVD-201301-460" }, { "db": "NVD", "id": "CVE-2012-6437" } ] }, "id": "VAR-201301-0154", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "20403e12-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00289" }, { "db": "VULHUB", "id": "VHN-59718" } ], "trust": 1.60856114 }, "iot_taxonomy": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "20403e12-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00289" } ] }, "last_update_date": "2024-11-23T21:55:39.589000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.rockwellautomation.com/" }, { "title": "Partner", "trust": 0.8, "url": "http://jp.rockwellautomation.com/applications/gs/ap/gsjp.nsf/pages/partner" }, { "title": "Top Page", "trust": 0.8, "url": "http://jp.rockwellautomation.com/" }, { "title": "Rockwell Automation ControlLogix Firmware Upload Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/29212" }, { "title": "1768-ENBT_4.004.006", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45390" }, { "title": "1756-EWEB_4.016", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45389" }, { "title": "1756-ENBT_6.006", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45388" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00289" }, { "db": "JVNDB", "id": "JVNDB-2013-001265" }, { "db": "CNNVD", "id": "CNNVD-201301-460" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-59718" }, { "db": "JVNDB", "id": "JVNDB-2013-001265" }, { "db": "NVD", "id": "CVE-2012-6437" } ] }, 
"references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-011-03.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6437" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6437" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/57317" }, { "trust": 0.3, "url": "http://www.rockwellautomation.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00289" }, { "db": "VULHUB", "id": "VHN-59718" }, { "db": "BID", "id": "57317" }, { "db": "JVNDB", "id": "JVNDB-2013-001265" }, { "db": "CNNVD", "id": "CNNVD-201301-460" }, { "db": "NVD", "id": "CVE-2012-6437" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "20403e12-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00289" }, { "db": "VULHUB", "id": "VHN-59718" }, { "db": "BID", "id": "57317" }, { "db": "JVNDB", "id": "JVNDB-2013-001265" }, { "db": "CNNVD", "id": "CNNVD-201301-460" }, { "db": "NVD", "id": "CVE-2012-6437" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-01-17T00:00:00", "db": "IVD", "id": "20403e12-2353-11e6-abef-000c29c66e3d" }, { "date": "2013-01-17T00:00:00", "db": "CNVD", "id": "CNVD-2013-00289" }, { "date": "2013-01-24T00:00:00", "db": "VULHUB", "id": "VHN-59718" }, { "date": "2013-01-11T00:00:00", "db": "BID", "id": "57317" }, { "date": "2013-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001265" }, { "date": "2013-01-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-460" }, { "date": "2013-01-24T21:55:01.523000", "db": "NVD", "id": 
"CVE-2012-6437" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2013-00289" }, { "date": "2013-01-25T00:00:00", "db": "VULHUB", "id": "VHN-59718" }, { "date": "2013-01-11T00:00:00", "db": "BID", "id": "57317" }, { "date": "2013-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001265" }, { "date": "2013-01-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-460" }, { "date": "2024-11-21T01:46:07.530000", "db": "NVD", "id": "CVE-2012-6437" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-460" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation ControlLogix Firmware upload vulnerability", "sources": [ { "db": "IVD", "id": "20403e12-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00289" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-460" } ], "trust": 0.6 } }
var-201301-0158
Vulnerability from variot
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to obtain sensitive information via a crafted CIP packet. Multiple Rockwell Automation products contain a vulnerability that allows important information to be obtained: a third party may obtain important information through a specially crafted CIP packet. Rockwell Automation MicroLogix is a programmable controller platform. When the device receives a special request, it will disclose sensitive information. Affected Rockwell products: all EtherNet/IP products that comply with the CIP and EtherNet/IP specifications. The issues allow arbitrary code execution or denial-of-service attacks. Rockwell Automation ControlLogix has an input validation flaw that allows an attacker to submit a malformed request to crash an application, after which a physical restart is required to restore normal functionality. A security vulnerability in the Rockwell Automation ControlLogix module startup code allows data to be leaked. An attacker can exploit these issues to crash the affected application, denying service to legitimate users. Information obtained may aid in further attacks. ----------------------------------------------------------------------
TITLE: Rockwell Automation ControlLogix Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA47737
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47737/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47737
RELEASE DATE: 2012-01-23
DESCRIPTION: Multiple vulnerabilities have been reported in Rockwell Automation ControlLogix, which can be exploited by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a vulnerable device.
1) An input validation error when processing certain commands can be exploited to cause a device to stop responding.
2) An input validation error when processing certain packets can be exploited to cause a device to stop responding.
3) An error when processing interface control commands can be exploited to cause a device to stop responding.
4) An error when processing the stop command can be exploited to cause a device to stop responding.
5) An error when processing the dump command can be exploited to disclose the device's boot code, which may contain sensitive information.
6) An error when processing the reset command can be exploited to cause a device to stop responding.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Ruben Santamarta via Digital Bond's SCADA Security Scientific Symposium (S4).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICS-Alert-12-020-02.pdf
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201301-0158", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "automation controllogix", "scope": "eq", "trust": 2.7, "vendor": "rockwell", "version": "0" }, { "model": "compactlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "lte", "trust": 1.0, "vendor": 
"rockwellautomation", "version": "1400" }, { "model": "guardlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "20" }, { "model": "1768-enbt", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "compactlogix l32e controller", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "flexlogix 1788-enbt adapter", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "softlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix l35e controller", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1768-eweb", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "softlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "20" }, { "model": "1794-aentr flex i\\/o ethernet\\/ip adapter", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "guardlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1100" }, { "model": "1756-eweb", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1756-enbt", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1756-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1756-eweb", 
"scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1768-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1768-eweb", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix l32e controller", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix l35e controller", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "compactlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "19" }, { "model": "controllogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "controllogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "20" }, { "model": "flex i/o ethernet/ip adapter 1794-aentr", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "flexlogix 1788-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "guardlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "guardlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "20" }, { "model": "micrologix", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "1100" }, { "model": "micrologix", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "1400" }, { "model": "softlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "softlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "19" }, { "model": "automation micrologix", "scope": 
"eq", "trust": 0.6, "vendor": "rockwell", "version": "1100" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "1400" }, { "model": "guardlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "20" }, { "model": "compactlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "controllogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "1100" }, { "model": "softlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "guardlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "19" }, { "model": "micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "1400" }, { "model": "softlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "20" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "micrologix", "version": "*" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "14000" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "11000" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "controllogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "guardlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1756 enbt", "version": null }, { "model": null, "scope": 
"eq", "trust": 0.2, "vendor": "1756 eweb", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1768 enbt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1768 eweb", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1794 aentr flex i o ethernet ip adapter", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix l32e controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix l35e controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "controllogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "flexlogix 1788 enbt adapter", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "guardlogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softlogix", "version": "*" } ], "sources": [ { "db": "IVD", "id": "206f3a64-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "93f6af48-1f76-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "22579fc2-1f77-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "92c985fa-1f76-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00293" }, { "db": "CNVD", "id": "CNVD-2012-0368" }, { "db": "CNVD", "id": "CNVD-2012-0326" }, { "db": "CNVD", "id": "CNVD-2012-0367" }, { "db": "BID", "id": "51603" }, { "db": "BID", "id": "57307" }, { "db": "JVNDB", "id": "JVNDB-2013-001269" }, { "db": "CNNVD", "id": "CNNVD-201301-251" }, { "db": "NVD", "id": "CVE-2012-6441" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": 
"@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:rockwellautomation:1756-enbt", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1756-eweb", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1768-enbt", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1768-eweb", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:compactlogix_l32e_controller", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:compactlogix_l35e_controller", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:compactlogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:controllogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1794-aentr_flex_i%2Fo_ethernet%2Fip_adapter", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:flexlogix_1788-enbt_adapter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:guardlogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:micrologix", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:softlogix_controllers", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001269" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rub\u00e9n Santamarta", "sources": [ { "db": "BID", "id": "51603" }, { "db": "BID", "id": "57307" } ], "trust": 0.6 }, "cve": "CVE-2012-6441", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2012-6441", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "206f3a64-2353-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "93f6af48-1f76-11e6-abef-000c29c66e3d", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.3 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "22579fc2-1f77-11e6-abef-000c29c66e3d", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.3 [IVD]" }, { "accessComplexity": "LOW", "accessVector": 
"NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "92c985fa-1f76-11e6-abef-000c29c66e3d", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.3 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-59722", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-6441", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-6441", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201301-251", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "206f3a64-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "93f6af48-1f76-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "22579fc2-1f77-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "92c985fa-1f76-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-59722", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "206f3a64-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "93f6af48-1f76-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "22579fc2-1f77-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "92c985fa-1f76-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-59722" }, { "db": "JVNDB", "id": "JVNDB-2013-001269" }, { "db": "CNNVD", "id": "CNNVD-201301-251" }, { "db": "NVD", "id": "CVE-2012-6441" } ] }, "description": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to obtain sensitive information via a crafted CIP packet. Multiple Rockwell Automation products contain a vulnerability that can expose important information. A third party may obtain important information through a crafted CIP packet. Rockwell Automation MicroLogix is a programmable controller platform. When the device receives a special request, it will disclose sensitive information. Rockwell\u0027s products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications. Allow arbitrary code execution or denial of service attacks. Rockwell Automation Controllogix has an input validation vulnerability that allows an attacker to submit a malformed request to crash an application and require a physical restart for normal functionality. A security vulnerability exists in the Rockwell Automation Controllogix module startup code. Allow leaks of data. \nAn attacker can exploit these issues to crash the affected application, denying service to legitimate users. Information obtained may aid in further attacks. 
----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nRockwell Automation ControlLogix Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA47737\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47737/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47737\n\nRELEASE DATE:\n2012-01-23\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47737/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47737/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47737\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Rockwell Automation\nControlLogix, which can be exploited by malicious people to disclose\nsystem information, cause a DoS (Denial of Service), and compromise a\nvulnerable device. \n\n1) An input validation error when processing certain commands can be\nexploited to cause a device to stop responding. \n\n2) An input validation error when processing certain packets can be\nexploited to cause a device to stop responding. \n\n3) An error when processing interface control commands can be\nexploited to cause a device to stop responding. 
\n\n4) An error when processing the stop command can be exploited to\ncause a device to stop responding. \n\n5) An error when processing the dump command can be exploited to\ndisclose the device\u0027s boot code, which may contain sensitive\ninformation. \n\n6) An error when processing the reset command can be exploited to\ncause a device to stop responding. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Ruben Santamarta via Digital Bond\u0027s SCADA Security\nScientific Symposium (S4). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICS-Alert-12-020-02.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-6441" }, { "db": "JVNDB", "id": "JVNDB-2013-001269" }, { "db": "CNVD", "id": "CNVD-2013-00293" }, { "db": "CNVD", "id": "CNVD-2012-0368" }, { "db": "CNVD", "id": "CNVD-2012-0326" }, { "db": "CNVD", "id": "CNVD-2012-0367" }, { "db": "BID", "id": "51603" }, { "db": "BID", "id": "57307" }, { "db": "IVD", "id": "206f3a64-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "93f6af48-1f76-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "22579fc2-1f77-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "92c985fa-1f76-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-59722" }, { "db": "PACKETSTORM", "id": "108984" } ], "trust": 5.22 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-6441", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-13-011-03", "trust": 3.1 }, { "db": "ICS CERT ALERT", "id": "ICS-ALERT-12-020-02", "trust": 2.5 }, { "db": "BID", "id": "51603", "trust": 2.1 }, { "db": "BID", "id": "57307", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201301-251", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2013-00293", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2012-0367", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2012-0326", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2012-0368", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2013-001269", "trust": 0.8 }, { "db": "ICS CERT ALERT", "id": "ICS-ALERT-12-020-02A", "trust": 0.3 }, { "db": "IVD", "id": "206F3A64-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": 
"93F6AF48-1F76-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "22579FC2-1F77-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "92C985FA-1F76-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "47737", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-89472", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-59722", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108984", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "206f3a64-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "93f6af48-1f76-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "22579fc2-1f77-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "92c985fa-1f76-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00293" }, { "db": "CNVD", "id": "CNVD-2012-0368" }, { "db": "CNVD", "id": "CNVD-2012-0326" }, { "db": "CNVD", "id": "CNVD-2012-0367" }, { "db": "VULHUB", "id": "VHN-59722" }, { "db": "BID", "id": "51603" }, { "db": "BID", "id": "57307" }, { "db": "JVNDB", "id": "JVNDB-2013-001269" }, { "db": "PACKETSTORM", "id": "108984" }, { "db": "CNNVD", "id": "CNNVD-201301-251" }, { "db": "NVD", "id": "CVE-2012-6441" } ] }, "id": "VAR-201301-0158", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "206f3a64-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "93f6af48-1f76-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "22579fc2-1f77-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "92c985fa-1f76-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00293" }, { "db": "CNVD", "id": "CNVD-2012-0368" }, { "db": "CNVD", "id": "CNVD-2012-0326" }, { "db": "CNVD", "id": "CNVD-2012-0367" }, { "db": "VULHUB", "id": "VHN-59722" } ], "trust": 4.13031673 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 3.2 } ], "sources": [ { "db": "IVD", "id": "206f3a64-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "93f6af48-1f76-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "22579fc2-1f77-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "92c985fa-1f76-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00293" }, { "db": "CNVD", "id": "CNVD-2012-0368" }, { "db": "CNVD", "id": "CNVD-2012-0326" }, { "db": "CNVD", "id": "CNVD-2012-0367" } ] }, "last_update_date": "2024-11-23T21:55:39.715000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.rockwellautomation.com/" }, { "title": "Partner", "trust": 0.8, "url": "http://jp.rockwellautomation.com/applications/gs/ap/gsjp.nsf/pages/partner" }, { "title": "Top Page", "trust": 0.8, "url": "http://jp.rockwellautomation.com/" }, { "title": "Rockwell Automation ControlLogix Information Disclosure Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/29253" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00293" }, { "db": "JVNDB", "id": "JVNDB-2013-001269" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-59722" }, { "db": "JVNDB", "id": "JVNDB-2013-001269" }, { "db": "NVD", "id": "CVE-2012-6441" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-011-03.pdf" }, { "trust": 2.5, "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-12-020-02.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6441" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6441" }, { "trust": 0.6, "url": "http://www.rockwellautomation.com/" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/57307" }, { "trust": 0.3, "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-12-020-02a.pdf" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47737" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47737/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47737/#comments" }, { "trust": 0.1, "url": "http://secunia.com/company/jobs/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00293" }, { "db": "CNVD", "id": "CNVD-2012-0368" }, { "db": "CNVD", "id": "CNVD-2012-0326" }, { "db": "CNVD", "id": "CNVD-2012-0367" }, { "db": "VULHUB", "id": "VHN-59722" }, { "db": "BID", "id": "51603" }, { "db": "BID", "id": "57307" }, { "db": "JVNDB", "id": "JVNDB-2013-001269" }, { "db": "PACKETSTORM", "id": "108984" }, { "db": "CNNVD", "id": "CNNVD-201301-251" }, { "db": "NVD", "id": "CVE-2012-6441" } ] }, "sources": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "206f3a64-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "93f6af48-1f76-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "22579fc2-1f77-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "92c985fa-1f76-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00293" }, { "db": "CNVD", "id": "CNVD-2012-0368" }, { "db": "CNVD", "id": "CNVD-2012-0326" }, { "db": "CNVD", "id": "CNVD-2012-0367" }, { "db": "VULHUB", "id": "VHN-59722" }, { "db": "BID", "id": "51603" }, { "db": "BID", "id": "57307" }, { "db": "JVNDB", "id": "JVNDB-2013-001269" }, { "db": "PACKETSTORM", "id": "108984" }, { "db": "CNNVD", "id": "CNNVD-201301-251" }, { "db": "NVD", "id": "CVE-2012-6441" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-01-17T00:00:00", "db": "IVD", "id": "206f3a64-2353-11e6-abef-000c29c66e3d" }, { "date": "2012-02-02T00:00:00", "db": "IVD", "id": "93f6af48-1f76-11e6-abef-000c29c66e3d" }, { "date": "2012-02-01T00:00:00", "db": "IVD", "id": "22579fc2-1f77-11e6-abef-000c29c66e3d" }, { "date": "2012-02-02T00:00:00", "db": "IVD", "id": "92c985fa-1f76-11e6-abef-000c29c66e3d" }, { "date": "2013-01-17T00:00:00", "db": "CNVD", "id": "CNVD-2013-00293" }, { "date": "2012-02-02T00:00:00", "db": "CNVD", "id": "CNVD-2012-0368" }, { "date": "2012-02-01T00:00:00", "db": "CNVD", "id": "CNVD-2012-0326" }, { "date": "2012-02-02T00:00:00", "db": "CNVD", "id": "CNVD-2012-0367" }, { "date": "2013-01-24T00:00:00", "db": "VULHUB", "id": "VHN-59722" }, { "date": "2012-01-20T00:00:00", "db": "BID", "id": "51603" }, { "date": "2013-01-14T00:00:00", "db": "BID", "id": "57307" }, { "date": "2013-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001269" }, { "date": "2012-01-23T03:48:18", "db": "PACKETSTORM", "id": "108984" }, { "date": "2013-01-16T00:00:00", 
"db": "CNNVD", "id": "CNNVD-201301-251" }, { "date": "2013-01-24T21:55:01.727000", "db": "NVD", "id": "CVE-2012-6441" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-01-17T00:00:00", "db": "CNVD", "id": "CNVD-2013-00293" }, { "date": "2012-02-02T00:00:00", "db": "CNVD", "id": "CNVD-2012-0368" }, { "date": "2012-02-01T00:00:00", "db": "CNVD", "id": "CNVD-2012-0326" }, { "date": "2012-02-02T00:00:00", "db": "CNVD", "id": "CNVD-2012-0367" }, { "date": "2013-01-25T00:00:00", "db": "VULHUB", "id": "VHN-59722" }, { "date": "2012-02-15T17:30:00", "db": "BID", "id": "51603" }, { "date": "2013-01-14T00:00:00", "db": "BID", "id": "57307" }, { "date": "2013-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001269" }, { "date": "2013-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-251" }, { "date": "2024-11-21T01:46:08.013000", "db": "NVD", "id": "CVE-2012-6441" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "51603" }, { "db": "BID", "id": "57307" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation ControlLogix Information Disclosure Vulnerability", "sources": [ { "db": "IVD", "id": "206f3a64-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00293" }, { "db": "CNNVD", "id": "CNNVD-201301-251" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design error", "sources": [ { "db": "IVD", "id": 
"93f6af48-1f76-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "22579fc2-1f77-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "92c985fa-1f76-11e6-abef-000c29c66e3d" }, { "db": "BID", "id": "51603" }, { "db": "BID", "id": "57307" } ], "trust": 1.2 } }
var-201301-0155
Vulnerability from variot
Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (NIC crash and communication outage) via a malformed CIP packet. Multiple Rockwell Automation products contain a buffer overflow vulnerability. A malformed CIP packet sent by a third party may put the product into a denial-of-service state (NIC crash and communication outage). Rockwell Automation MicroLogix is a programmable controller platform. The device does not verify the data to be copied to the buffer, allowing a remote attacker to send a specially crafted CIP message to the 2222/TCP, 2222/UDP, 44818/TCP or 44818/UDP port, triggering a buffer overflow and causing the NIC to crash. Exposure therefore depends on whether those ports are reachable from untrusted networks. The following Rockwell products are affected by this vulnerability: all EtherNet/IP products that comply with the CIP and EtherNet/IP specifications. An attacker can exploit this issue to cause the NIC to crash, denying service to legitimate users.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201301-0155", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "compactlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1400" }, { "model": "guardlogix controllers", "scope": "lte", 
"trust": 1.0, "vendor": "rockwellautomation", "version": "20" }, { "model": "1768-enbt", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "compactlogix l32e controller", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "flexlogix 1788-enbt adapter", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "softlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix l35e controller", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1768-eweb", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "softlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "20" }, { "model": "1794-aentr flex i\\/o ethernet\\/ip adapter", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "guardlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1100" }, { "model": "1756-eweb", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1756-enbt", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1756-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1756-eweb", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": 
"1768-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1768-eweb", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix l32e controller", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix l35e controller", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "compactlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "19" }, { "model": "controllogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "controllogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "20" }, { "model": "flex i/o ethernet/ip adapter 1794-aentr", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "flexlogix 1788-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "guardlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "guardlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "20" }, { "model": "micrologix", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "1100" }, { "model": "micrologix", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "1400" }, { "model": "softlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "softlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "19" }, { "model": "automation controllogix", "scope": null, "trust": 0.6, "vendor": "rockwell", "version": null }, { "model": "automation 
micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "1100" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "1400" }, { "model": "guardlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "20" }, { "model": "compactlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "controllogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "1100" }, { "model": "softlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "guardlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "19" }, { "model": "micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "1400" }, { "model": "softlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "20" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "micrologix", "version": "*" }, { "model": "automation softlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "19" }, { "model": "automation softlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "14000" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "11000" }, { "model": "automation guardlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "20" }, { "model": "automation guardlogix", "scope": "eq", "trust": 0.3, "vendor": 
"rockwell", "version": "18" }, { "model": "automation compactlogix l35e", "scope": null, "trust": 0.3, "vendor": "rockwell", "version": null }, { "model": "automation compactlogix l32e", "scope": null, "trust": 0.3, "vendor": "rockwell", "version": null }, { "model": "automation compactlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "19" }, { "model": "automation compactlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation 1794-aentr", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1788-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1768-eweb", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1768-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1756-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1756-en2t series b", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "controllogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "guardlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1756 enbt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1756 eweb", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1768 enbt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1768 eweb", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1794 aentr flex i o ethernet ip adapter", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix", "version": "*" }, { "model": null, "scope": "eq", 
"trust": 0.2, "vendor": "compactlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix l32e controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix l35e controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "controllogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "flexlogix 1788 enbt adapter", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "guardlogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softlogix", "version": "*" } ], "sources": [ { "db": "IVD", "id": "203ab488-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00290" }, { "db": "BID", "id": "57310" }, { "db": "JVNDB", "id": "JVNDB-2013-001266" }, { "db": "CNNVD", "id": "CNNVD-201301-258" }, { "db": "NVD", "id": "CVE-2012-6438" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:rockwellautomation:1756-enbt", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1756-eweb", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1768-enbt", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1768-eweb", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:compactlogix_l32e_controller", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:compactlogix_l35e_controller", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:compactlogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:controllogix_controllers", "vulnerable": true }, { "cpe22Uri": 
"cpe:/h:rockwellautomation:1794-aentr_flex_i%2Fo_ethernet%2Fip_adapter", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:flexlogix_1788-enbt_adapter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:guardlogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:micrologix", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:softlogix_controllers", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001266" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rubén Santamarta", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-258" } ], "trust": 0.6 }, "cve": "CVE-2012-6438", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2012-6438", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", 
"author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "203ab488-2353-11e6-abef-000c29c66e3d", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-59719", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-6438", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-6438", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201301-258", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "203ab488-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-59719", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "203ab488-2353-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-59719" }, { "db": "JVNDB", "id": "JVNDB-2013-001266" }, { "db": "CNNVD", "id": "CNNVD-201301-258" }, { "db": "NVD", "id": "CVE-2012-6438" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and 
earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (NIC crash and communication outage) via a malformed CIP packet. plural Rockwell Automation The product contains a buffer overflow vulnerability.Malformed by a third party CIP Service disruption via packets (NIC Crashes and communication outages ) There is a possibility of being put into a state. Rockwell Automation MicroLogix is a programmable controller platform. The device does not verify the data to be copied to the buffer, allowing the remote attacker to send a specially crafted CIP message to the 2222/TCP, 2222/UDP, 44818/TCP or 44818/UDP port, triggering a buffer overflow and causing the NIC to crash. Rockwell\u0027s products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications. \nAn attacker can exploit this issue to cause the NIC to crash, denying service to legitimate users", "sources": [ { "db": "NVD", "id": "CVE-2012-6438" }, { "db": "JVNDB", "id": "JVNDB-2013-001266" }, { "db": "CNVD", "id": "CNVD-2013-00290" }, { "db": "BID", "id": "57310" }, { "db": "IVD", "id": "203ab488-2353-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-59719" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-6438", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-13-011-03", "trust": 3.4 }, { "db": "BID", "id": "57310", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201301-258", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2013-00290", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2013-001266", "trust": 0.8 }, { "db": "IVD", "id": "203AB488-2353-11E6-ABEF-000C29C66E3D", 
"trust": 0.2 }, { "db": "VULHUB", "id": "VHN-59719", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "203ab488-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00290" }, { "db": "VULHUB", "id": "VHN-59719" }, { "db": "BID", "id": "57310" }, { "db": "JVNDB", "id": "JVNDB-2013-001266" }, { "db": "CNNVD", "id": "CNNVD-201301-258" }, { "db": "NVD", "id": "CVE-2012-6438" } ] }, "id": "VAR-201301-0155", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "203ab488-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00290" }, { "db": "VULHUB", "id": "VHN-59719" } ], "trust": 1.60856114 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "203ab488-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00290" } ] }, "last_update_date": "2024-11-23T21:55:39.630000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.rockwellautomation.com/" }, { "title": "Partner", "trust": 0.8, "url": "http://jp.rockwellautomation.com/applications/gs/ap/gsjp.nsf/pages/partner" }, { "title": "Top Page", "trust": 0.8, "url": "http://jp.rockwellautomation.com/" }, { "title": "Patch for Rockwell Automation ControlLogix Remote Denial of Service Vulnerability (CNVD-2013-00290)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/29231" }, { "title": 
"1768-ENBT_4.004.006", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45390" }, { "title": "1756-EWEB_4.016", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45389" }, { "title": "1756-ENBT_6.006", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45388" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00290" }, { "db": "JVNDB", "id": "JVNDB-2013-001266" }, { "db": "CNNVD", "id": "CNNVD-201301-258" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-59719" }, { "db": "JVNDB", "id": "JVNDB-2013-001266" }, { "db": "NVD", "id": "CVE-2012-6438" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-011-03.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6438" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6438" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/57310" }, { "trust": 0.3, "url": "http://www.rockwellautomation.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00290" }, { "db": "VULHUB", "id": "VHN-59719" }, { "db": "BID", "id": "57310" }, { "db": "JVNDB", "id": "JVNDB-2013-001266" }, { "db": "CNNVD", "id": "CNNVD-201301-258" }, { "db": "NVD", "id": "CVE-2012-6438" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "203ab488-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": 
"CNVD-2013-00290" }, { "db": "VULHUB", "id": "VHN-59719" }, { "db": "BID", "id": "57310" }, { "db": "JVNDB", "id": "JVNDB-2013-001266" }, { "db": "CNNVD", "id": "CNNVD-201301-258" }, { "db": "NVD", "id": "CVE-2012-6438" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-01-17T00:00:00", "db": "IVD", "id": "203ab488-2353-11e6-abef-000c29c66e3d" }, { "date": "2013-01-17T00:00:00", "db": "CNVD", "id": "CNVD-2013-00290" }, { "date": "2013-01-24T00:00:00", "db": "VULHUB", "id": "VHN-59719" }, { "date": "2013-01-11T00:00:00", "db": "BID", "id": "57310" }, { "date": "2013-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001266" }, { "date": "2013-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-258" }, { "date": "2013-01-24T21:55:01.603000", "db": "NVD", "id": "CVE-2012-6438" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-01-17T00:00:00", "db": "CNVD", "id": "CNVD-2013-00290" }, { "date": "2013-01-25T00:00:00", "db": "VULHUB", "id": "VHN-59719" }, { "date": "2013-01-11T00:00:00", "db": "BID", "id": "57310" }, { "date": "2013-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001266" }, { "date": "2013-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-258" }, { "date": "2024-11-21T01:46:07.650000", "db": "NVD", "id": "CVE-2012-6438" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-258" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Rockwell 
Automation Product buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001266" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "203ab488-2353-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201301-258" } ], "trust": 0.8 } }
var-201301-0153
Vulnerability from variot
Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (CPU crash and communication outage) via a malformed CIP packet. Multiple Rockwell Automation products contain a buffer overflow vulnerability. A third party could use malformed CIP packets to put an affected device into a denial-of-service state (CPU crash and communication outage). Rockwell Automation MicroLogix is a programmable controller platform. The device does not verify the data to be copied to the buffer, allowing a remote attacker to send a specially crafted CIP message to port 2222/TCP, 2222/UDP, 44818/TCP or 44818/UDP, triggering a buffer overflow and crashing the CPU. Affected Rockwell products: all EtherNet/IP products that conform to the CIP and EtherNet/IP specifications. An attacker can exploit this issue to cause the NIC to crash, denying service to legitimate users.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201301-0153", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "1756-enbt", "scope": "eq", "trust": 1.6, "vendor": "rockwellautomation", "version": null }, { "model": "1756-eweb", "scope": "eq", "trust": 1.6, "vendor": "rockwellautomation", "version": null }, { "model": "compactlogix", "scope": "lte", "trust": 1.0, 
"vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1400" }, { "model": "guardlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "20" }, { "model": "1768-enbt", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "compactlogix l32e controller", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "flexlogix 1788-enbt adapter", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "softlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix l35e controller", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "1768-eweb", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "softlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "20" }, { "model": "1794-aentr flex i\\/o ethernet\\/ip adapter", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": null }, { "model": "guardlogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix controllers", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "18" }, { "model": "micrologix", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1100" }, { "model": "1756-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1756-eweb", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": 
"1768-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "1768-eweb", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix l32e controller", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix l35e controller", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "compactlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "compactlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "19" }, { "model": "controllogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "controllogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "20" }, { "model": "flex i/o ethernet/ip adapter 1794-aentr", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "flexlogix 1788-enbt", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "guardlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "guardlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "20" }, { "model": "micrologix", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "1100" }, { "model": "micrologix", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "1400" }, { "model": "softlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "18" }, { "model": "softlogix controller", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "19" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "1100" }, { "model": "automation 
micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "1400" }, { "model": "guardlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "20" }, { "model": "micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "1100" }, { "model": "softlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "guardlogix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "18" }, { "model": "compactlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "19" }, { "model": "micrologix", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "1400" }, { "model": "softlogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "19" }, { "model": "controllogix controllers", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "20" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "micrologix", "version": "*" }, { "model": "automation softlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "19" }, { "model": "automation softlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "14000" }, { "model": "automation micrologix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "11000" }, { "model": "automation guardlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "20" }, { "model": "automation guardlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation compactlogix l35e", "scope": null, "trust": 0.3, "vendor": "rockwell", "version": null }, { "model": "automation compactlogix l32e", "scope": null, "trust": 0.3, "vendor": "rockwell", "version": null }, { "model": "automation compactlogix", "scope": "eq", "trust": 0.3, 
"vendor": "rockwell", "version": "19" }, { "model": "automation compactlogix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "18" }, { "model": "automation 1794-aentr", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1788-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1768-eweb", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1768-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1756-enbt", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "automation 1756-en2t series b", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "controllogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "guardlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1756 enbt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1756 eweb", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1768 enbt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1768 eweb", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "1794 aentr flex i o ethernet ip adapter", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix controllers", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix l32e controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "compactlogix l35e controller", "version": null }, { "model": null, "scope": "eq", 
"trust": 0.2, "vendor": "controllogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "flexlogix 1788 enbt adapter", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "guardlogix", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softlogix", "version": "*" } ], "sources": [ { "db": "IVD", "id": "2046895c-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00288" }, { "db": "BID", "id": "57311" }, { "db": "JVNDB", "id": "JVNDB-2013-001264" }, { "db": "CNNVD", "id": "CNNVD-201301-257" }, { "db": "NVD", "id": "CVE-2012-6436" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:rockwellautomation:1756-enbt", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1756-eweb", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1768-enbt", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1768-eweb", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:compactlogix_l32e_controller", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:compactlogix_l35e_controller", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:compactlogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:controllogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:1794-aentr_flex_i%2Fo_ethernet%2Fip_adapter", "vulnerable": true }, { "cpe22Uri": "cpe:/h:rockwellautomation:flexlogix_1788-enbt_adapter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:guardlogix_controllers", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:micrologix", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:rockwellautomation:softlogix_controllers", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001264" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rub\u00e9n Santamarta", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-257" } ], "trust": 0.6 }, "cve": "CVE-2012-6436", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2012-6436", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "2046895c-2353-11e6-abef-000c29c66e3d", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", 
"accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-59717", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-6436", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-6436", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201301-257", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "2046895c-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-59717", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "2046895c-2353-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-59717" }, { "db": "JVNDB", "id": "JVNDB-2013-001264" }, { "db": "CNNVD", "id": "CNNVD-201301-257" }, { "db": "NVD", "id": "CVE-2012-6436" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (CPU crash and communication outage) via a malformed CIP packet. 
Multiple Rockwell Automation products contain a buffer overflow vulnerability. A third party could use malformed CIP packets to cause a service disruption (CPU crash and communication outage). Rockwell Automation MicroLogix is a programmable controller platform. The device does not verify the data to be copied to the buffer, allowing a remote attacker to send a specially crafted CIP message to the 2222/TCP, 2222/UDP, 44818/TCP or 44818/UDP port, triggering a buffer overflow and crashing the CPU. Rockwell\u0027s products are affected by this vulnerability: all EtherNet/IP products that comply with the CIP and EtherNet/IP specifications. \nAn attacker can exploit this issue to cause the NIC to crash, denying service to legitimate users.", "sources": [ { "db": "NVD", "id": "CVE-2012-6436" }, { "db": "JVNDB", "id": "JVNDB-2013-001264" }, { "db": "CNVD", "id": "CNVD-2013-00288" }, { "db": "BID", "id": "57311" }, { "db": "IVD", "id": "2046895c-2353-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-59717" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-6436", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-13-011-03", "trust": 3.4 }, { "db": "BID", "id": "57311", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201301-257", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2013-00288", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2013-001264", "trust": 0.8 }, { "db": "IVD", "id": "2046895C-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-89534", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-59717", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "2046895c-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00288" }, { "db": "VULHUB", "id": "VHN-59717" }, 
{ "db": "BID", "id": "57311" }, { "db": "JVNDB", "id": "JVNDB-2013-001264" }, { "db": "CNNVD", "id": "CNNVD-201301-257" }, { "db": "NVD", "id": "CVE-2012-6436" } ] }, "id": "VAR-201301-0153", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "2046895c-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00288" }, { "db": "VULHUB", "id": "VHN-59717" } ], "trust": 1.5604344666666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "2046895c-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00288" } ] }, "last_update_date": "2024-11-23T21:55:39.825000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.rockwellautomation.com/" }, { "title": "Partner", "trust": 0.8, "url": "http://jp.rockwellautomation.com/applications/gs/ap/gsjp.nsf/pages/partner" }, { "title": "Top Page", "trust": 0.8, "url": "http://jp.rockwellautomation.com/" }, { "title": "Patch for Rockwell Automation ControlLogix Remote Denial of Service Vulnerability (CNVD-2013-00288)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/29211" }, { "title": "1768-ENBT_4.004.006", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45390" }, { "title": "1756-EWEB_4.016", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45389" }, { "title": 
"1756-ENBT_6.006", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45388" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00288" }, { "db": "JVNDB", "id": "JVNDB-2013-001264" }, { "db": "CNNVD", "id": "CNNVD-201301-257" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-59717" }, { "db": "JVNDB", "id": "JVNDB-2013-001264" }, { "db": "NVD", "id": "CVE-2012-6436" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-011-03.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6436" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6436" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/57311" }, { "trust": 0.3, "url": "http://www.rockwellautomation.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00288" }, { "db": "VULHUB", "id": "VHN-59717" }, { "db": "BID", "id": "57311" }, { "db": "JVNDB", "id": "JVNDB-2013-001264" }, { "db": "CNNVD", "id": "CNNVD-201301-257" }, { "db": "NVD", "id": "CVE-2012-6436" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "2046895c-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00288" }, { "db": "VULHUB", "id": "VHN-59717" }, { "db": "BID", "id": "57311" }, { "db": "JVNDB", "id": "JVNDB-2013-001264" }, { "db": "CNNVD", "id": "CNNVD-201301-257" }, { "db": "NVD", "id": "CVE-2012-6436" } ] }, 
"sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-01-17T00:00:00", "db": "IVD", "id": "2046895c-2353-11e6-abef-000c29c66e3d" }, { "date": "2013-01-17T00:00:00", "db": "CNVD", "id": "CNVD-2013-00288" }, { "date": "2013-01-24T00:00:00", "db": "VULHUB", "id": "VHN-59717" }, { "date": "2013-01-11T00:00:00", "db": "BID", "id": "57311" }, { "date": "2013-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001264" }, { "date": "2013-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-257" }, { "date": "2013-01-24T21:55:01.477000", "db": "NVD", "id": "CVE-2012-6436" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-05-27T00:00:00", "db": "CNVD", "id": "CNVD-2013-00288" }, { "date": "2013-01-25T00:00:00", "db": "VULHUB", "id": "VHN-59717" }, { "date": "2013-01-11T00:00:00", "db": "BID", "id": "57311" }, { "date": "2013-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001264" }, { "date": "2013-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-257" }, { "date": "2024-11-21T01:46:07.403000", "db": "NVD", "id": "CVE-2012-6436" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-257" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow vulnerability in multiple Rockwell Automation products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001264" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "2046895c-2353-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201301-257" } ], "trust": 0.8 } }