cbcvebase.

Rockwell Automation Compactlogix And Softlogix Controllers vulnerabilities

8 known vulnerabilities affecting rockwell_automation/compactlogix_and_softlogix_controllers.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH5MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2012-6437P3CRITICALCVSS 9.8≤ 192013-01-24
CVE-2012-6437 [CRITICAL] CWE-287 CVE-2012-6437: The device does not properly authenticate users and the potential exists for a remote user to upload The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with ot
nvd
CVE-2012-6438P3HIGHCVSS 7.5≤ 192013-01-24
CVE-2012-6438 [HIGH] CWE-119 CVE-2012-6438: The device does not properly validate the data being sent to the buffer. An attacker can send a malf The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the NIC to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communicat
nvd
CVE-2012-6436P3HIGHCVSS 7.5≤ 192013-01-24
CVE-2012-6436 [HIGH] CWE-119 CVE-2012-6436: The device does not properly validate the data being sent to the buffer. An attacker can send a malf The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communicat
nvd
CVE-2012-6435P3HIGHCVSS 7.5≤ 192013-01-24
CVE-2012-6435 [HIGH] CWE-284 CVE-2012-6435: When an affected product receives a valid CIP message from an unauthorized or unintended source to P When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. This situation could cause loss of availability and a disruption of communication with other connected
nvd
CVE-2012-6439P3HIGHCVSS 8.5≤ 192013-01-24
CVE-2012-6439 [HIGH] CWE-284 CVE-2012-6439: When an affected product receives a valid CIP message from an unauthorized or unintended source to When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s configuration and network parameters, a DoS condition can occur. This situation could cause loss of availability and a disruption of communication with other connected
nvd
CVE-2012-6442P3HIGHCVSS 7.5≤ 192013-01-24
CVE-2012-6442 [HIGH] CWE-284 CVE-2012-6442: When an affected product receives a valid CIP message from an unauthorized or unintended source to P When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. This situation could cause loss of availability and a disruption of communication with other connected devices. Rockwell Automation Ethe
nvd
CVE-2012-6441P3MEDIUMCVSS 5.0≤ 192013-01-24
CVE-2012-6441 [MEDIUM] CWE-200 CVE-2012-6441: An information exposure of confidential information results when the device receives a specially cra An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-
nvd
CVE-2012-6440P4MEDIUMCVSS 4.8≤ 192013-01-24
CVE-2012-6440 [MEDIUM] CWE-287 CVE-2012-6440: The Web server password authentication mechanism used by the products is vulnerable to a MitM and Re The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB,
nvd
Rockwell Automation Compactlogix And Softlogix Controllers vulnerabilities | cvebase