CVE-2012-6442

Rockwell Automation ControlLogix PLC Improper Access Control

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a reset.

Los productos Rockwell Automation EtherNet/IP: 1756-ENBT, 1756-EWEB, 1768-ENBT, y los módulos de comunicación 1768-EWEB; CompactLogix L32E y controladores L35E; adaptador 1788-ENBT FLEXLogix; adaptador 1794-AENTR FLEX I/O EtherNet/IP; ControlLogix 18 y anteriores; CompactLogix 18 y anteriores; GuardLogix 18 y anteriores; SoftLogix 18 y anteriores; controladores CompactLogix 19 y anteriores; controladores SoftLogix 19 y anteriores; controladores ControlLogix 20 y anteriores; controladores GuardLogix 20 y anteriores; y MicroLogix 1100 y 1400 permiten a atacantes remotos causar una denegación de servicio (control y corte de la comunicación) a través de un mensaje CIP que especifica un reinicio.

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. This situation could cause loss of availability and a disruption of communication with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

*Credits: Rubén Santamarta of IOActive identified vulnerabilities in Rockwell Automation’s ControlLogix PLC and released proof-of-concept (exploit) code at the Digital Bond S4 Conference on January 19, 2012.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-12-26 CVE Reserved
2013-01-24 CVE Published
2025-06-30 CVE Updated
2025-11-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-284: Improper Access Control

CAPEC

References (7)

URL	Tag	Source
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf	Broken Link
https://tools.cisco.com/security/center/viewAlert.x?alertId=27862	Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156
http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rockwellautomation Search vendor "Rockwellautomation"	Ethernet\/ip Firmware Search vendor "Rockwellautomation" for product "Ethernet\/ip Firmware"	-	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	1756-enbt Search vendor "Rockwellautomation" for product "1756-enbt"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Ethernet\/ip Firmware Search vendor "Rockwellautomation" for product "Ethernet\/ip Firmware"	-	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	1756-eweb Search vendor "Rockwellautomation" for product "1756-eweb"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Ethernet\/ip Firmware Search vendor "Rockwellautomation" for product "Ethernet\/ip Firmware"	-	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	1768-enbt Search vendor "Rockwellautomation" for product "1768-enbt"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Ethernet\/ip Firmware Search vendor "Rockwellautomation" for product "Ethernet\/ip Firmware"	-	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	1768-eweb Search vendor "Rockwellautomation" for product "1768-eweb"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Compactlogix Firmware Search vendor "Rockwellautomation" for product "Compactlogix Firmware"	-	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	L32e Search vendor "Rockwellautomation" for product "L32e"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Compactlogix Firmware Search vendor "Rockwellautomation" for product "Compactlogix Firmware"	-	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	L35e Search vendor "Rockwellautomation" for product "L35e"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Flexlogix Firmware Search vendor "Rockwellautomation" for product "Flexlogix Firmware"	-	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	1788-enbt Search vendor "Rockwellautomation" for product "1788-enbt"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Flex I\/o Ethernet\/ip Firmware Search vendor "Rockwellautomation" for product "Flex I\/o Ethernet\/ip Firmware"	-	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	1794-aentr Search vendor "Rockwellautomation" for product "1794-aentr"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Micrologix Firmware Search vendor "Rockwellautomation" for product "Micrologix Firmware"	-	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	1100 Search vendor "Rockwellautomation" for product "1100"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Micrologix Firmware Search vendor "Rockwellautomation" for product "Micrologix Firmware"	-	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	1400 Search vendor "Rockwellautomation" for product "1400"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"		Compactlogix Controllers Firmware Search vendor "Rockwellautomation" for product "Compactlogix Controllers Firmware"				19 Search vendor "Rockwellautomation" for product "Compactlogix Controllers Firmware" and version "19"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Compactlogix Firmware Search vendor "Rockwellautomation" for product "Compactlogix Firmware"				18 Search vendor "Rockwellautomation" for product "Compactlogix Firmware" and version "18"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Controllogix Controllers Firmware Search vendor "Rockwellautomation" for product "Controllogix Controllers Firmware"				20 Search vendor "Rockwellautomation" for product "Controllogix Controllers Firmware" and version "20"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Controllogix Firmware Search vendor "Rockwellautomation" for product "Controllogix Firmware"				18 Search vendor "Rockwellautomation" for product "Controllogix Firmware" and version "18"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Guardlogix Controllers Firmware Search vendor "Rockwellautomation" for product "Guardlogix Controllers Firmware"				20 Search vendor "Rockwellautomation" for product "Guardlogix Controllers Firmware" and version "20"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Guardlogix Firmware Search vendor "Rockwellautomation" for product "Guardlogix Firmware"				18 Search vendor "Rockwellautomation" for product "Guardlogix Firmware" and version "18"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Softlogix Controllers Firmware Search vendor "Rockwellautomation" for product "Softlogix Controllers Firmware"				19 Search vendor "Rockwellautomation" for product "Softlogix Controllers Firmware" and version "19"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Softlogix Firmware Search vendor "Rockwellautomation" for product "Softlogix Firmware"				18 Search vendor "Rockwellautomation" for product "Softlogix Firmware" and version "18"		-		Affected