CVE-2012-6442

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a reset.
References
Link Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf Broken Link Third Party Advisory US Government Resource
https://tools.cisco.com/security/center/viewAlert.x?alertId=27862 Third Party Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf Broken Link Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:rockwellautomation:ethernet\/ip_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:rockwellautomation:1756-enbt:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1756-eweb:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1768-enbt:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1768-eweb:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:rockwellautomation:l32e:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:l35e:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:rockwellautomation:flexlogix_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1788-enbt:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:rockwellautomation:flex_i\/o_ethernet\/ip__firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1794-aentr:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:rockwellautomation:micrologix_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:rockwellautomation:1100:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1400:-:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:rockwellautomation:compactlogix_controllers_firmware:19:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_firmware:18:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_controllers_firmware:20:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_firmware:18:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_controllers_firmware:20:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_firmware:18:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:softlogix_controllers_firmware:19:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:softlogix_firmware:18:*:*:*:*:*:*:*

History

21 Nov 2024, 01:46

Type Values Removed Values Added
References () http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf - Broken Link, Third Party Advisory, US Government Resource () http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf - Broken Link, Third Party Advisory, US Government Resource

Information

Published : 2013-01-24 21:55

Updated : 2024-11-21 01:46


NVD link : CVE-2012-6442

Mitre link : CVE-2012-6442

CVE.ORG link : CVE-2012-6442


JSON object : View

Products Affected

rockwellautomation

  • 1788-enbt
  • 1756-enbt
  • controllogix_firmware
  • guardlogix_firmware
  • compactlogix_firmware
  • 1100
  • ethernet\/ip_firmware
  • flex_i\/o_ethernet\/ip__firmware
  • l35e
  • softlogix_firmware
  • controllogix_controllers_firmware
  • l32e
  • 1400
  • compactlogix_controllers_firmware
  • 1768-enbt
  • softlogix_controllers_firmware
  • 1794-aentr
  • micrologix_firmware
  • 1756-eweb
  • 1768-eweb
  • guardlogix_controllers_firmware
  • flexlogix_firmware
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer