CVE-2012-4714
Published 2013-04-18
Priority: P3 35 · high · 7.8 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS: 3.22% (86.6th percentile)
Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a large integer value.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | factorytalk_services_platform | — | — |
CISA ICS
Rockwell Automation FactoryTalk and RSLinx Vulnerabilities (Update A)
cisa_ics·2013-04-05
ICS Advisory
Last Revised: September 05, 2018
Alert Code: ICSA-13-095-02A
## OVERVIEW
--------- Begin Update A Part 1 of 4 --------
This updated advisory is a follow-up to the original advisory titled ICSA-13-095-02 Rockwell Automation FactoryTalk and RSLinx Vulnerabilities that was published April 5, 2013, on the ICS-CERT Web page.
--------- End Update A Part 1 of 4 ----------
Researcher Carsten Eiram of Risk Based Security has identified multiple input validation vulnerabilities in Rockwell Automation’s FactoryTalk
GHSA
GHSA-mwv2-9vmf-ph7h: Integer overflow in RNADiagnostics
ghsa_unreviewed·2022-05-17
CVE-2012-4714 [HIGH] GHSA-mwv2-9vmf-ph7h: Integer overflow in RNADiagnostics
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.