CVE-2020-13573
Published 2021-01-07
Priority: P3 · 40 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 3.39% (87.3th percentile)
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | rslinx | — | — |
CVSS provenance
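| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |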
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Denial-of-service vulnerability in Rockwell Automation RSLinx
blogs_talos·2021-01-07·CVSS 7.5
## Vulnerability Spotlight: Denial-of-service vulnerability in Rockwell Automation RSLinx
Alexander Perez-Palma of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
Cisco Talos recently discovered a denial-of-service vulnerability in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic. An attacker could exploit this vulnerability by sending the target a series of malicious packets. RSLinx Classic software is a communication server for the MicroLogix 1100 Programmable Controller. It helps plant devices communicate with other Rockwell server and client applications.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Rockwell Automation to ensure that these issues are resolved and that an update is available for affected customers.
## Vulnerability details
Rockwell Automation RSLinx classic ethernet/IP server deni
Published: 2021-01-07