CVE-2016-5814

{"id": "CVE-2016-5814", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}]}, "published": "2016-09-19T01:59:05.133", "references": [{"url": "http://www.securityfocus.com/bid/92983", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-224-02", "tags": ["Mitigation", "Patch", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition y RSLogix 500 Professional Edition permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de proyecto RSS manipulado."}], "lastModified": "2016-11-28T20:29:37.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:rslogix_500_professional_edition:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B3437D1-F1DC-4FFF-A5FD-7373BC49E61B"}, {"criteria": "cpe:2.3:a:rockwellautomation:rslogix_500_standard_edition:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1448FA18-59A5-4644-A1FC-1849FE817460"}, {"criteria": "cpe:2.3:a:rockwellautomation:rslogix_500_starter_edition:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70A853BE-4277-45A8-B37F-2D19A2B45572"}, {"criteria": "cpe:2.3:a:rockwellautomation:rslogix_micro_developer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF938B05-B208-45DA-BE12-B3C2DDD2CD00"}, {"criteria": "cpe:2.3:a:rockwellautomation:rslogix_micro_starter_lite:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7607CF5-A97A-4879-8668-4EC4BA2343D7"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}