// For flags

CVE-2012-4715

 

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a UDP packet with a certain integer length value that is (1) too large or (2) too small, leading to improper handling by Logger.dll.

Un desbordamiento de búfer en el archivo LogReceiver.exe en RSLinx Enterprise de Rockwell Automation versiones CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1 y CPR9-SR6, permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) o posiblemente ejecutar código arbitrario por medio de un paquete UDP con un cierto valor de longitud de entero que es (1) demasiado grande o (2) demasiado pequeño, conllevando a un manejo inapropiado por parte de la biblioteca Logger.dll.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-08-28 CVE Reserved
  • 2013-04-18 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Rockwellautomation
Search vendor "Rockwellautomation"
 Rslinx Enterprise
Search vendor "Rockwellautomation" for product "Rslinx Enterprise"
 cpr9
Search vendor "Rockwellautomation" for product "Rslinx Enterprise" and version "cpr9"
-
Affected
Rockwellautomation
Search vendor "Rockwellautomation"
 Rslinx Enterprise
Search vendor "Rockwellautomation" for product "Rslinx Enterprise"
 cpr9
Search vendor "Rockwellautomation" for product "Rslinx Enterprise" and version "cpr9"
sr1
Affected
Rockwellautomation
Search vendor "Rockwellautomation"
 Rslinx Enterprise
Search vendor "Rockwellautomation" for product "Rslinx Enterprise"
 cpr9
Search vendor "Rockwellautomation" for product "Rslinx Enterprise" and version "cpr9"
sr2
Affected
Rockwellautomation
Search vendor "Rockwellautomation"
 Rslinx Enterprise
Search vendor "Rockwellautomation" for product "Rslinx Enterprise"
 cpr9
Search vendor "Rockwellautomation" for product "Rslinx Enterprise" and version "cpr9"
sr3
Affected
Rockwellautomation
Search vendor "Rockwellautomation"
 Rslinx Enterprise
Search vendor "Rockwellautomation" for product "Rslinx Enterprise"
 cpr9
Search vendor "Rockwellautomation" for product "Rslinx Enterprise" and version "cpr9"
sr4
Affected
Rockwellautomation
Search vendor "Rockwellautomation"
 Rslinx Enterprise
Search vendor "Rockwellautomation" for product "Rslinx Enterprise"
 cpr9
Search vendor "Rockwellautomation" for product "Rslinx Enterprise" and version "cpr9"
sr5
Affected
Rockwellautomation
Search vendor "Rockwellautomation"
 Rslinx Enterprise
Search vendor "Rockwellautomation" for product "Rslinx Enterprise"
 cpr9
Search vendor "Rockwellautomation" for product "Rslinx Enterprise" and version "cpr9"
sr5.1
Affected
Rockwellautomation
Search vendor "Rockwellautomation"
 Rslinx Enterprise
Search vendor "Rockwellautomation" for product "Rslinx Enterprise"
 cpr9
Search vendor "Rockwellautomation" for product "Rslinx Enterprise" and version "cpr9"
sr6
Affected