Page 2 of 9 results (0.005 seconds)

CVSS: 7.7EPSS: 0%CPEs: 10EXPL: 0

Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. Rockwell Automation Studio 5000 Logix Designer (todas las versiones) son vulnerables cuando un atacante que logra acceso de administrador en una estación de trabajo que ejecuta Studio 5000 Logix Designer podría inyectar código de controlador no detectable para un usuario • https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-07 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0

A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller. Se ha descubierto un problema de agotamiento de recursos en Rockwell Automation ControlLogix 5580 en los controladores V28.011, V28.012 y V28.013. • http://www.securityfocus.com/bid/98309 https://ics-cert.us-cert.gov/advisories/ICSA-17-094-05 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 10.0EPSS: 0%CPEs: 101EXPL: 0

An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service. Ha sido descubierto un problema en Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 a 21.00 (excluyendo todas las versiones de firmware anteriores a FRN 16.00, que no se ven afectadas). Al enviar un paquete de protocolo industrial común (CIP) malformado, un atacante puede realizar un desbordamiento de búfer basado en pila y ejecutar código en el controlador o iniciar un fallo irrecuperable que da como resultado una denegación de servicio. • http://www.securityfocus.com/bid/95304 https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 93%CPEs: 23EXPL: 0

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a reset. Los productos Rockwell Automation EtherNet/IP: 1756-ENBT, 1756-EWEB, 1768-ENBT, y los módulos de comunicación 1768-EWEB; CompactLogix L32E y controladores L35E; adaptador 1788-ENBT FLEXLogix; adaptador 1794-AENTR FLEX I/O EtherNet/IP; ControlLogix 18 y anteriores; CompactLogix 18 y anteriores; GuardLogix 18 y anteriores; SoftLogix 18 y anteriores; controladores CompactLogix 19 y anteriores; controladores SoftLogix 19 y anteriores; controladores ControlLogix 20 y anteriores; controladores GuardLogix 20 y anteriores; y MicroLogix 1100 y 1400 permiten a atacantes remotos causar una denegación de servicio (control y corte de la comunicación) a través de un mensaje CIP que especifica un reinicio. • http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf https://tools.cisco.com/security/center/viewAlert.x?alertId=27862 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •