CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1CVE-2020-13573
https://notcve.org/view.php?id=CVE-2020-13573
07 Jan 2021 — A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio en la funcionalidad del servidor Ethernet/IP de Rockwell Automation RSLinx Classic versión 2.57.00.14 CPR 9 SR 3. Una petición de red especialmente diseñada pue... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1184 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12034
https://notcve.org/view.php?id=CVE-2020-12034
20 May 2020 — Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable.The EDS subsystem does not provide adequate input sanitation, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files.... • https://www.us-cert.gov/ics/advisories/icsa-20-140-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12038
https://notcve.org/view.php?id=CVE-2020-12038
19 May 2020 — Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable. A memory corruption vulnerability exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser CO... • https://www.us-cert.gov/ics/advisories/icsa-20-140-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2019-6553
https://notcve.org/view.php?id=CVE-2019-6553
04 Apr 2019 — A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an attacker to exploit a stack-based buffer overflow condition. Se ha detectado una vulnerabilidad en versiones 4.10.00 y anteriores de RSLinx Classic de Rockwell Automation. Se ha encontrado un problema de validación de entradas en un archivo .dll de RSLinx Classic do... • https://ics-cert.us-cert.gov/advisories/ICSA-19-064-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14827
https://notcve.org/view.php?id=CVE-2018-14827
20 Sep 2018 — Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality. Rockwell Automation RSLinx Classic en versiones 4.00.01 y anteriores. Un actor de amenaza remoto no autenticado podría enviar de forma intencionada paquetes Ethernet/IP al puerto 44818, lo que provoca que la apl... • https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2018-14821
https://notcve.org/view.php?id=CVE-2018-14821
20 Sep 2018 — Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality. Rockwell Automation RSLinx Classic en versiones 4.00.01 y anteriores. Esta vulnerabilidad podría permitir que un actor de amenaza remoto no autenticado envíe de forma intencional un paquete C... • https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 48%CPEs: 1EXPL: 1CVE-2018-14829
https://notcve.org/view.php?id=CVE-2018-14829
20 Sep 2018 — Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code. Rockwell Automation RSLinx Classic en versiones 4.00.01 y anteriores. Esta vulnerabilidad podría permitir que un actor de am... • https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9204
https://notcve.org/view.php?id=CVE-2014-9204
17 May 2015 — Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file. Desbordamiento de buffer basado en pila en OPCTest.exe en Rockwell Automation RSLinx Classic anterior a 3.73.00 permite a atacantes remotos ejecutar código arbitrario a través de un fichero CSV manipulado. • https://ics-cert.us-cert.gov/advisories/ICSA-15-111-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2011-2530
https://notcve.org/view.php?id=CVE-2011-2530
22 Jun 2011 — Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed .eds file. Desbordamiento de búfer en RSEds.dll en RSHWare.exe en EDS Hardware Installation Tool v1.0.5.1 y anteriores de Rockwell Automation RSLinx antes de v2.58, permite atecantes remotos asistidos por el usuario provoc... • http://rockwellautomation.custhelp.com/app/answers/detail/a_id/279194 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •