CVE-2018-14827
published 2018-09-20CVE-2018-14827: Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP…
PriorityP345high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
3.76%
88.5th percentile
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | rslinx_classic | — | — |
| rockwellautomation | rslinx | <= 4.00.01 | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Rockwell Automation RSLinx Classic
cisa_ics·2018-10-10·CVSS 7.5
[HIGH] Rockwell Automation RSLinx Classic
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Rockwell Automation RSLinx Classic
Last RevisedOctober 10, 2018
Alert CodeICSA-18-263-02
## 1. EXECUTIVE SUMMARY
-
CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Rockwell Automation
- Equipment: RSLinx Classic
- Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Resource Exhaustion
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could crash the device being accessed or allow arbitrary code execution on the device.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of
GHSA
GHSA-x977-8678-7c9x: Rockwell Automation RSLinx Classic Versions 4
ghsa_unreviewed·2022-05-13
CVE-2018-14827 [HIGH] CWE-400 GHSA-x977-8678-7c9x: Rockwell Automation RSLinx Classic Versions 4
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-09-20
Published