Page 30 of 241 results (0.014 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected product is restarted. Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (incluye 1756-EWEBK), en versiones 5.001 y anteriores, así como CompactLogix 1768-EWEB, en versiones 2.005 y anteriores. Un atacante remoto podría enviar un paquete UDP manipulado al servicio SNMP, provocando una denegación de servicio (DoS) hasta que se reinicia el producto afectado. • https://ics-cert.us-cert.gov/advisories/ICSA-19-036-02 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product’s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services. Existe la posibilidad de que la contraseña del producto se use para restringir el acceso no autorizado a los controladores Rockwell PLC5 / SLC5 / 0x / RSLogix 1785-Lx y 1747-L5x. Existe la posibilidad de que un cliente de programación y configuración no autorizado obtenga acceso al producto y permita cambios en la configuración o el programa del producto. • https://ics-cert.us-cert.gov/advisories/ICSA-10-070-02 • CWE-255: Credentials Management Errors CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 El software RSLinx Enterprise de Rockwell Automation (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1 y CPR9-SR6 no maneja la entrada correctamente y da como resultado un error lógico si recibe un datagrama con un valor incorrecto en el campo" Record Data Size”. Al enviar un datagrama al servicio a través del puerto 4444 / UDP con el campo “Record Data Size” modificado a un valor demasiado grande, un atacante podría causar una infracción de acceso de lectura fuera de los límites que conduzca a un bloqueo del servicio. • https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size.” Then the service will calculate an incorrect value for the “End of Current Record” field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 El software RSLinx Enterprise de Rockwell Automation (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1 y CPR9-SR6 no maneja la entrada correctamente y da como resultado un error lógico si calcula un valor incorrecto para el campo “End of Current Record”. • https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 El software RSLinx Enterprise de Rockwell Automation (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1 y CPR9-SR6 no maneja la entrada correctamente y da como resultado un error lógico si calcula un valor incorrecto para el campo “Total Record Size”. Al enviar un datagrama al servicio a través del puerto 4444 / UDP con el campo "“Record Data Size" modificado a un valor específicamente sobredimensionado, el servicio calculará un valor de tamaño inferior al "Tamaño de registro total" que causará un fuera de los límites violación de acceso de lectura que conduce a un bloqueo del servicio. • https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •