CVE-2012-4690
https://notcve.org/view.php?id=CVE-2012-4690
Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controller platform; and PLC-5 controller platform, when Static status is not enabled, allow remote attackers to cause a denial of service via messages that trigger modification of status bits. Controlador Rockwell Automation Allen-Bradley MicroLogix v1100, v1200, v1400 y v1500; plataforma de controladores SLC 500 y PLC-5, cuando el estado Static no está activado, permite a atacantes remotos provocar una denegación de servicio a través de mensajes que desencadenan la modificación de bits de estado. • http://ics-cert.us-cert.gov/advisories/ICSA-12-342-01A http://www.us-cert.gov/control_systems/pdf/ICSA-12-342-01.pdf https://rockwellautomation.custhelp.com/app/answers/detail/a_id/511407 • CWE-16: Configuration •
CVE-2012-0222
https://notcve.org/view.php?id=CVE-2012-0222
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted packet. El servicio FactoryTalk (FT) RNADiagReceiver en Rockwell Automation Allen-Bradley FactoryTalk CPR9 hasta SR5 y RSLogix 5000 17 hasta 20 permite a atacantes remotos provocar una denegación de servicio (lectura fuera del límite) a través de un paquete manipulado. • http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937 http://www.us-cert.gov/control_systems/pdf/ICSA-12-088-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-0221 – Rockwell Automation FactoryTalk Activation Server - Multiple Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0221
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet. El servicio FactoryTalk (FT) RNADiagReceiver en Rockwell Automation Allen-Bradley FactoryTalk CPR9 hasta SR5 y RSLogix 5000 17 hasta 20 no gestiona de forma adecuada el valor de retorno de una función específica, lo que permite a atacantes remotos provocar una denegación de servicio (corte de servicio) a través de un paquete manipulado. • https://www.exploit-db.com/exploits/36570 http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937 http://www.us-cert.gov/control_systems/pdf/ICSA-12-088-01.pdf • CWE-20: Improper Input Validation •
CVE-2011-3489 – Rockwell RSLogix 19 - Denial of Service
https://notcve.org/view.php?id=CVE-2011-3489
RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field. RnaUtility.dll de RsvcHost.exe 2.30.0.23 en Rockwell RSLogix 19 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) a través de un paquete rna modificado con una cadena extensa al puerto TCP 4446 que provoca (1) "un desbordamiento cero" o (2) una lectura fuera de límites, relacionado con un manejo inadecuado de un campo de tamaño de 32 bits. • https://www.exploit-db.com/exploits/17843 http://aluigi.altervista.org/adv/rslogix_1-adv.txt http://securityreason.com/securityalert/8383 http://www.securityfocus.com/bid/49608 https://exchange.xforce.ibmcloud.com/vulnerabilities/69808 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-2957
https://notcve.org/view.php?id=CVE-2011-2957
Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 (CPR9 SR3) allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer (.ftd) configuration file, which triggers memory corruption. Vulnerabilidad no especificada en Rockwell Automation FactoryTalk Diagnostics Viewer antes de V2.30.00 (CPR9 SR3), permite a usuarios locales ejecutar código de su elección a través de un archivo de configuración elaborado visor de FactoryTalk Diagnostics FactoryTalk Diagnostics Viewer (.ftd) manipulado que provoca corrupción de memoria. • http://rockwellautomation.custhelp.com/app/answers/detail/a_id/448424 http://www.securityfocus.com/bid/48962 http://www.us-cert.gov/control_systems/pdf/ICSA-11-175-01.pdf •