Alessandro Di Pinto

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation RSLinx Classic versions 4.00.01 and prior **Description** The issue is related to a buffer overflow in memory. It may allow a remote attacker to cause a denial of service by sending a specially crafted CIP packet to port 44818. This can cause the RSLinx Classic application to terminate, requiring a manual restart to regain functionality. **Recommendations** For versions 4.00.01 and prior, manually restart the software after a termination to regain functionality. As a temporary workaround, consider restricting access to port 44818 to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation RSLinx Classic versions 4.00.01 and prior **Description** The issue is related to an uncontrolled resource consumption vulnerability. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to "Port 44818", causing the software application to stop responding and crash, resulting in a denial of service. The user must restart the software to regain functionality. **Recommendations** For Rockwell Automation RSLinx Classic versions 4.00.01 and prior, consider restricting access to "Port 44818" to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the affected port in the software configuration to prevent potential crashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 **Description** The issue allows a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. **Recommendations** For Emerson DeltaV DCS version 11.3.1, update to a version that includes a fix for this issue. For Emerson DeltaV DCS version 12.3.1, update to a version that includes a fix for this issue. For Emerson DeltaV DCS version 13.3.0, update to a version that includes a fix for this issue. For Emerson DeltaV DCS version 13.3.1, update to a version that includes a fix for this issue. For Emerson DeltaV DCS version R5, update to a version that includes a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 **Description** The issue is related to improper path validation, which may allow a remote attacker to replace executable files. This could potentially lead to security breaches. **Recommendations** For versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5, update to a version that properly validates paths to prevent executable file replacement. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation RSLinx Classic versions 4.00.01 and prior **Description** The issue allows a remote threat actor to send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. It also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code. This is due to a buffer overflow vulnerability in the ENGINE.dll file of the RSLinx Classic server, which can be exploited by sending specially crafted CIP packets to port 44818, potentially allowing an attacker to execute arbitrary code or cause a denial of service. **Recommendations** For versions 4.00.01 and prior, consider disabling access to Port 44818 as a temporary workaround until a patch is available. Restrict access to the ENGINE.dll file to minimize the risk of exploitation. Avoid using the `CIP` protocol in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.