CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0CVE-2011-2530
https://notcve.org/view.php?id=CVE-2011-2530
Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed .eds file. Desbordamiento de búfer en RSEds.dll en RSHWare.exe en EDS Hardware Installation Tool v1.0.5.1 y anteriores de Rockwell Automation RSLinx antes de v2.58, permite atecantes remotos asistidos por el usuario provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de un archivo .eds mal formado. • http://rockwellautomation.custhelp.com/app/answers/detail/a_id/279194 http://www.kb.cert.org/vuls/id/127584 http://www.kb.cert.org/vuls/id/MAPG-8G9PWX http://www.securityfocus.com/bid/48092 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 88%CPEs: 4EXPL: 0CVE-2010-2965
https://notcve.org/view.php?id=CVE-2010-2965
The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804. El servicio WDB target agent debug en Wind River VxWorks v6.x, v5.x, y anteriores, como los usados en el Rockwell Automation 1756-ENBT serie A con firmware v3.2.6 y v3.6.1 y otros productos, permiten a atacantes remotos leer o modificar a su elección direcciones de memoria, realizar llamdas a funciones, o administrar tareas a través de peticiones UDP al puerto 17185, relacionado con el comportamiento de CVE-2005-3804. • http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=69735 http://www.kb.cert.org/vuls/id/362332 http://www.kb.cert.org/vuls/id/MAPG-86EPFA http://www.kb.cert.org/vuls/id/MAPG-86FPQL https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033708 • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3739
https://notcve.org/view.php?id=CVE-2009-3739
Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controllers allow remote attackers to obtain privileged access or cause a denial of service (halt) via unknown vectors. Múltiples vulnerabilidades sin especificar en Rockwell Automation AB Micrologix 1100 y 1400 controllers permite a atacantes remotos obtener privilegios de acceso o provocar una denegación de servicio (parada) a través de vectores desconocidos. • http://www.securityfocus.com/archive/1/508946/100/0/threaded •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0472
https://notcve.org/view.php?id=CVE-2009-0472
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de ejecución de comandos en sitios cruzados en el interfaz web en el módulo Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores sin especificar. • http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729 http://secunia.com/advisories/33783 http://www.kb.cert.org/vuls/id/882619 http://www.securityfocus.com/bid/33638 http://www.vupen.com/english/advisories/2009/0347 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0474
https://notcve.org/view.php?id=CVE-2009-0474
The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603. El interfaz web en el módulo Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge permite a atacantes remotos obtener "información de la pagina web interna" y "información interna del módulo" a través de vectores desconocidos. NOTA: esta vulnerabilidad puede solaparse con CVE-2002-1603. • http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729 http://secunia.com/advisories/33783 http://www.kb.cert.org/vuls/id/124059 http://www.kb.cert.org/vuls/id/RGII-7MWKZ3 http://www.vupen.com/english/advisories/2009/0347 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •