CVE-2011-3489
Published 2011-09-16
Priority: P4, 31
Severity: medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 8.98% (94.6th percentile)
RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | rslogix | <= 19 | — |
CISA ICS
Rockwell RSLogix Overflow Vulnerability (Update A)
cisa_ics·2011-09-13
Last Revised: September 06, 2018
Alert Code: ICSA-11-273-03A
## Overview
This updated advisory is a follow-up to the Alert titled “ICS-ALERT-11-256-05A—Rockwell RSLogix Overflow Vulnerability” that was published September 13, 2011, on the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) web page.
ICS-CERT is aware of a public report of an overflow vulnerability in Rockwell Automation’s RSLogix application that could lead to a denial-of-service condition.
--------- Begin Update A Part 1 of 2 --------
Rockwell
GHSA
GHSA-ppc2-xqjm-q5fp: RnaUtility
ghsa_unreviewed·2022-05-17
CVE-2011-3489 [MEDIUM] CWE-119 GHSA-ppc2-xqjm-q5fp: RnaUtility
Suricata
ET SCADA Rockwell RNA Message Large Header Length - 8Kb
suricata·2011-09-30
Rule:

```
alert tcp any !443 -> $HOME_NET [1330,1331,1332,4241,4242,4445,4446,5241,6543,9111,60093,49281] (msg:"ET SCADA Rockwell RNA Message Large Header Length - 8Kb"; flow:established,to_server; content:"rna|f2|"; startswith; fast_pattern; byte_test:4,>,0x2000,0,relative,little; classtype:attempted-dos; sid:2049795; rev:5; metadata:attack_target ICS, created_at 2011_09_30, cve CVE_2011_3489, deployment Internal, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_12_27, reviewed_at 2024_03_06, former_sid 2803783; target:dest_ip;)
```
http://aluigi.altervista.org/adv/rslogix_1-adv.txt
http://securityreason.com/securityalert/8383
http://www.securityfocus.com/bid/49608
https://exchange.xforce.ibmcloud.com/vulnerabilities/69808