CVSS: 5.0EPSS: 76%CPEs: 6EXPL: 1CVE-2012-0221 – Rockwell Automation FactoryTalk Activation Server - Multiple Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0221
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet. El servicio FactoryTalk (FT) RNADiagReceiver en Rockwell Automation Allen-Bradley FactoryTalk CPR9 hasta SR5 y RSLogix 5000 17 hasta 20 no gestiona de forma adecuada el valor de retorno de una función específica, lo que permite a atacantes remotos provocar una denegación de servicio (corte de servicio) a través de un paquete manipulado. • https://www.exploit-db.com/exploits/36570 http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937 http://www.us-cert.gov/control_systems/pdf/ICSA-12-088-01.pdf • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2011-3489 – Rockwell RSLogix 19 - Denial of Service
https://notcve.org/view.php?id=CVE-2011-3489
RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field. RnaUtility.dll de RsvcHost.exe 2.30.0.23 en Rockwell RSLogix 19 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) a través de un paquete rna modificado con una cadena extensa al puerto TCP 4446 que provoca (1) "un desbordamiento cero" o (2) una lectura fuera de límites, relacionado con un manejo inadecuado de un campo de tamaño de 32 bits. • https://www.exploit-db.com/exploits/17843 http://aluigi.altervista.org/adv/rslogix_1-adv.txt http://securityreason.com/securityalert/8383 http://www.securityfocus.com/bid/49608 https://exchange.xforce.ibmcloud.com/vulnerabilities/69808 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •