CVE-2014-9204
published 2015-05-17CVE-2014-9204: Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted…
PriorityP433medium6.9CVSS 2.0
AVLACMAuNCCICAC
EPSS
1.57%
72.3th percentile
Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | rslinx | < 3.73.00 | 3.73.00 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Rockwell Automation RSLinx Classic Vulnerability
cisa_ics·2018-08-27
Rockwell Automation RSLinx Classic Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Rockwell Automation RSLinx Classic Vulnerability
Last RevisedAugust 27, 2018
Alert CodeICSA-15-111-02
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on April 21, 2015, and is being released to the NCCIC/ICS-CERT web site.
Ivan Sanchez of WiseSecurity Team has identified a stack-based buffer overflow vulnerability in Rockwell Automation’s OPCTest.exe, which is a test client for RSLinx Classic’s support of the OPC-DA protocol. Rockwell Automation has produced a new version that mitigates this vulnerability.
## AFFECTED PRODUCTS
The followin
GHSA
GHSA-crm8-wh89-w6g4: Stack-based buffer overflow in OPCTest
ghsa_unreviewed·2022-05-14
CVE-2014-9204 [MEDIUM] CWE-119 GHSA-crm8-wh89-w6g4: Stack-based buffer overflow in OPCTest
Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-05-17
Published