CVE-2011-3489

Name of the Vulnerable Software and Affected Versions RSLogix versions 19 and earlier

Description The issue allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446. This is related to improper handling of a 32-bit size field and can trigger either a "memset zero overflow" or an out-of-bounds read.

Recommendations For RSLogix versions 19 and earlier, consider restricting access to TCP port 4446 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.