CVE-2011-3489 – Rockwell RSLogix 19 - Denial of Service

https://notcve.org/view.php?id=CVE-2011-3489

RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field. RnaUtility.dll de RsvcHost.exe 2.30.0.23 en Rockwell RSLogix 19 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) a través de un paquete rna modificado con una cadena extensa al puerto TCP 4446 que provoca (1) "un desbordamiento cero" o (2) una lectura fuera de límites, relacionado con un manejo inadecuado de un campo de tamaño de 32 bits. • https://www.exploit-db.com/exploits/17843 http://aluigi.altervista.org/adv/rslogix_1-adv.txt http://securityreason.com/securityalert/8383 http://www.securityfocus.com/bid/49608 https://exchange.xforce.ibmcloud.com/vulnerabilities/69808 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •