CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13573
https://notcve.org/view.php?id=CVE-2020-13573
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio en la funcionalidad del servidor Ethernet/IP de Rockwell Automation RSLinx Classic versión 2.57.00.14 CPR 9 SR 3. Una petición de red especialmente diseñada puede conllevar a una denegación de servicio. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1184 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12034
https://notcve.org/view.php?id=CVE-2020-12034
Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable.The EDS subsystem does not provide adequate input sanitation, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This can lead to denial-of-service conditions. Productos que usan EDS Subsystem: versión 28.0.1 y anteriores (software FactoryTalk Linx (anteriormente llamado RSLinx Enterprise): versiones 6.00, 6.10 y 6.11, RSLinx Classic: versión 4.11.00 y anteriores, software RSNetWorx: versión 28.00.00 y anteriores, software Studio 5000 Logix Designer: versión 32 y anteriores) son vulnerables. El EDS Subsystem no proporciona un saneamiento de entrada adecuado, lo que puede permitir a un atacante diseñar archivos EDS especializados para inyectar consultas SQL y manipular la base de datos que almacena los archivos EDS. Esto puede conllevar a condiciones de denegación de servicio. • https://www.us-cert.gov/ics/advisories/icsa-20-140-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12038
https://notcve.org/view.php?id=CVE-2020-12038
Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable. A memory corruption vulnerability exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser COM object, leading to denial-of-service conditions. Productos que usan EDS Subsystem: versión 28.0.1 y anteriores (software FactoryTalk Linx (anteriormente llamado RSLinx Enterprise): versiones 6.00, 6.10 y 6.11, RSLinx Classic: versión 4.11.00 y anteriores, software RSNetWorx: versión 28.00.00 y anteriores , software Studio 5000 Logix Designer: versión 32 y anteriores), es vulnerable. Se presenta una vulnerabilidad de corrupción de memoria en el algoritmo que coincide con los corchetes en el subsistema EDS. • https://www.us-cert.gov/ics/advisories/icsa-20-140-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 0CVE-2019-6553
https://notcve.org/view.php?id=CVE-2019-6553
A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an attacker to exploit a stack-based buffer overflow condition. Se ha detectado una vulnerabilidad en versiones 4.10.00 y anteriores de RSLinx Classic de Rockwell Automation. Se ha encontrado un problema de validación de entradas en un archivo .dll de RSLinx Classic donde los datos en una petición de servicio "Forward Open" se pasan a un búfer de tamaño fijo, permitiendo que un atacante explote una condición de desbordamiento de búfer basado en pila. • https://ics-cert.us-cert.gov/advisories/ICSA-19-064-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-14829
https://notcve.org/view.php?id=CVE-2018-14829
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code. Rockwell Automation RSLinx Classic en versiones 4.00.01 y anteriores. Esta vulnerabilidad podría permitir que un actor de amenaza remoto envíe de forma intencional un paquete CIP mal formado al puerto 44818, lo que provoca que la aplicación deje de responder y se cierre inesperadamente. • https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02 https://www.tenable.com/security/research/tra-2018-26 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •