cvebase

Rockwell Automation RSLinx vulnerabilities

9 known vulnerabilities affecting rockwellautomation/rslinx.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 4, MEDIUM 2

Vulnerabilities

CVE-2019-6553 | P2 | CRITICAL | CVSS 9.8 | ≤ 4.10.00 | 2019-04-04
CWE-121: A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an attacker to exploit a stack-based buffer overflow condition.
nvd
CVE-2018-14829 | P2 | CRITICAL | CVSS 9.8 | ≤ 4.00.01 | 2018-09-20
CWE-121: Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat act
nvd
CVE-2018-14821 | P3 | HIGH | CVSS 7.5 | ≤ 4.00.01 | 2018-09-20
CWE-122: Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality.
nvd
CVE-2018-14827 | P3 | HIGH | CVSS 7.5 | ≤ 4.00.01 | 2018-09-20
CWE-400: Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.
nvd
CVE-2020-13573 | P3 | HIGH | CVSS 7.5 | v2.57.00.14 | 2021-01-07
CWE-823: A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.
nvd
CVE-2011-2530 | P3 | CRITICAL | CVSS 9.3 | fixed in 2.58 | 2011-06-22
CWE-119: Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed .eds file.
nvd
CVE-2020-12034 | P3 | HIGH | CVSS 8.2 | ≤ 4.11.00 | 2020-05-20
CWE-89: Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable. The EDS subsystem does not provide
nvd
CVE-2014-9204 | P4 | MEDIUM | CVSS 6.9 | fixed in 3.73.00 | 2015-05-17
CWE-119: Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file.
nvd
CVE-2020-12038 | P4 | MEDIUM | CVSS 5.5 | ≤ 4.11.00 | 2020-05-19
CWE-119: Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable. A memory corruption vulnerabili
nvd