CVE-2012-6435

Rockwell Automation ControlLogix PLC Improper Access Control

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a logic-execution stop and fault.

Rockwell Automation EtherNet/IP; productos 1756-ENBT, 1756-EWEB, 1768-ENBT y módulos de comunicación 1768-EWEB; CompactLogix L32E y L35E, 1788-ENBT adaptador FlexLogix; AENTR 1794-FLEX adaptador I/O EtherNet/IP; ControlLogix v18 y anteriores; CompactLogix 18 y anteriores; GuardLogix v18 y anteriores; SoftLogix v18 y anteriores; controladores CompactLogix 19 y anteriores; controladores SoftLogix v19 y anteriores; controladores ControlLogix v20 y anteriores, los controladores GuardLogix v20 y anteriores, y MicroLogix 1100 y 1400 permiten a atacantes remotos causar una denegación de servicio (control y corte de la comunicación) a través de un mensaje CIP que especifica una parada lógica de ejecución y fallos.

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. This situation could cause loss of availability and a disruption of communication with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

*Credits: Rubén Santamarta of IOActive identified vulnerabilities in Rockwell Automation’s ControlLogix PLC and released proof-of-concept (exploit) code at the Digital Bond S4 Conference on January 19, 2012.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-12-26 CVE Reserved
2013-01-24 CVE Published
2025-06-30 CVE Updated
2025-11-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-284: Improper Access Control
CWE-399: Resource Management Errors

CAPEC

References (6)

URL	Tag	Source
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf	Us Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156
http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rockwellautomation Search vendor "Rockwellautomation"		Controllogix Controllers Search vendor "Rockwellautomation" for product "Controllogix Controllers"				<= 20 Search vendor "Rockwellautomation" for product "Controllogix Controllers" and version " <= 20"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Guardlogix Controllers Search vendor "Rockwellautomation" for product "Guardlogix Controllers"				<= 20 Search vendor "Rockwellautomation" for product "Guardlogix Controllers" and version " <= 20"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Micrologix Search vendor "Rockwellautomation" for product "Micrologix"				<= 1100 Search vendor "Rockwellautomation" for product "Micrologix" and version " <= 1100"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Micrologix Search vendor "Rockwellautomation" for product "Micrologix"				<= 1400 Search vendor "Rockwellautomation" for product "Micrologix" and version " <= 1400"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Softlogix Controllers Search vendor "Rockwellautomation" for product "Softlogix Controllers"				<= 19 Search vendor "Rockwellautomation" for product "Softlogix Controllers" and version " <= 19"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		1756-enbt Search vendor "Rockwellautomation" for product "1756-enbt"				-		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		1756-eweb Search vendor "Rockwellautomation" for product "1756-eweb"				-		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		1768-enbt Search vendor "Rockwellautomation" for product "1768-enbt"				-		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		1768-eweb Search vendor "Rockwellautomation" for product "1768-eweb"				-		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		1794-aentr Flex I\/o Ethernet\/ip Adapter Search vendor "Rockwellautomation" for product "1794-aentr Flex I\/o Ethernet\/ip Adapter"				-		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Compactlogix Search vendor "Rockwellautomation" for product "Compactlogix"				<= 18 Search vendor "Rockwellautomation" for product "Compactlogix" and version " <= 18"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Compactlogix Controllers Search vendor "Rockwellautomation" for product "Compactlogix Controllers"				<= 19 Search vendor "Rockwellautomation" for product "Compactlogix Controllers" and version " <= 19"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Compactlogix L32e Controller Search vendor "Rockwellautomation" for product "Compactlogix L32e Controller"				-		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Compactlogix L35e Controller Search vendor "Rockwellautomation" for product "Compactlogix L35e Controller"				-		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Controllogix Search vendor "Rockwellautomation" for product "Controllogix"				<= 18 Search vendor "Rockwellautomation" for product "Controllogix" and version " <= 18"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Flexlogix 1788-enbt Adapter Search vendor "Rockwellautomation" for product "Flexlogix 1788-enbt Adapter"				-		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Guardlogix Search vendor "Rockwellautomation" for product "Guardlogix"				<= 18 Search vendor "Rockwellautomation" for product "Guardlogix" and version " <= 18"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Softlogix Search vendor "Rockwellautomation" for product "Softlogix"				<= 18 Search vendor "Rockwellautomation" for product "Softlogix" and version " <= 18"		-		Affected