CVE-2012-6438
published 2013-01-24CVE-2012-6438: The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port…
PriorityP355high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
32.73%
98.1th percentile
The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the NIC to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices.
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | 1788-enbt_flexlogix_adapter | — | — |
| rockwell_automation | 1794-aentr_flex_i_o_ethernet_ip_adapter | — | — |
| rockwell_automation | compactlogix_and_softlogix_controllers | <= 19 | — |
| rockwell_automation | compactlogix_l32e_and_l35e_controllers | — | — |
| rockwell_automation | controllogix_and_guardlogix_controllers | <= 20 | — |
| rockwell_automation | micrologix | — | — |
| rockwell_automation | micrologix | — | — |
| rockwellautomation | compactlogix | <= 18 | — |
| rockwellautomation | compactlogix_controllers | <= 19 | — |
| rockwellautomation | controllogix | <= 18 | — |
| rockwellautomation | controllogix_controllers | <= 20 | — |
| rockwellautomation | guardlogix | <= 18 | — |
| rockwellautomation | guardlogix_controllers | <= 20 | — |
| rockwellautomation | micrologix | <= 1100 | — |
| rockwellautomation | micrologix | <= 1400 | — |
| rockwellautomation | softlogix | <= 18 | — |
| rockwellautomation | softlogix_controllers | <= 19 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qrw8-3h67-8hff: Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E a
ghsa_unreviewed·2022-05-17
CVE-2012-6438 [HIGH] CWE-119 GHSA-qrw8-3h67-8hff: Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E a
Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (NIC crash and communication outage) via a malformed CIP packet.
CISA ICS
Rockwell Automation ControlLogix PLC Vulnerabilities
cisa_ics·2012-02-14
Rockwell Automation ControlLogix PLC Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Rockwell Automation ControlLogix PLC Vulnerabilities
Last RevisedFebruary 13, 2019
Alert CodeICSA-13-011-03
## Overview
This advisory is a follow up to the original alert titled ICS-ALERT-12-020-02A—Rockwell Automation ControlLogix PLC Vulnerabilities that was published February 14, 2012, on the ICS-CERT Web page.
Independent researcher Rubén Santamarta of IOActive identified vulnerabilities in Rockwell Automation’s ControlLogix PLC and released proof-of-concept (exploit) code at the Digital Bond S4 Conference on January 19, 2012. The vulnerabilities are exploitable by transmit
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf
2013-01-24
Published