CVE-2012-4713
published 2013-04-18CVE-2012-4713: Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4…
PriorityP433high7.8CVSS 2.0
AVNACLAuNCNINAC
EPSS
3.22%
86.6th percentile
Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a negative integer value.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | factorytalk_services_platform | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4qrq-mvr6-2gj3: Integer signedness error in RNADiagnostics
ghsa_unreviewed·2022-05-17
CVE-2012-4713 [HIGH] GHSA-4qrq-mvr6-2gj3: Integer signedness error in RNADiagnostics
Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a negative integer value.
CISA ICS
Rockwell Automation FactoryTalk and RSLinx Vulnerabilities (Update A)
cisa_ics·2013-04-05
Rockwell Automation FactoryTalk and RSLinx Vulnerabilities (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Rockwell Automation FactoryTalk and RSLinx Vulnerabilities (Update A)
Last RevisedSeptember 05, 2018
Alert CodeICSA-13-095-02A
## OVERVIEW
## --------- Begin Update A Part 1 of 4 --------
This updated advisory is a follow-up to the original advisory titled ICSA-13-095-02 Rockwell Automation FactoryTalk and RSLinx Vulnerabilities that was published April 5, 2013, on the ICS-CERT Web page.
## --------- End Update A Part 1 of 4 ----------
Researcher Carsten Eiram of Risk Based Security has identified multiple input validation vulnerabilities in Rockwell Automation’s FactoryTalk
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2013-04-18
Published