
CVSS: 9.8 | EPSS: 0% | CPEs: 8 | EXPL: 0

An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.

• http://www.securityfocus.com/bid/108118
• https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01
• https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979

• CWE-400: Uncontrolled Resource Consumption
• CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 1% | CPEs: 10 | EXPL: 0

An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.

• http://www.securityfocus.com/bid/108118
• https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01
• https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979

• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write

CVSS: 10.0 | EPSS: 0% | CPEs: 101 | EXPL: 0

An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending a malformed Common Industrial Protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.

• http://www.securityfocus.com/bid/95304
• https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05

• CWE-787: Out-of-bounds Write