PT-2012-2412 · Rockwell Automation · Rslogix 5000+1
Published 2012-04-02 · Updated 2012-04-03 · CVE-2012-0221
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5
RSLogix 5000 versions 17 through 20
Description
The issue arises from the FactoryTalk RNADiagReceiver service not properly handling the return value from an unspecified function. This allows remote attackers to cause a denial of service, resulting in a service outage, by sending a crafted packet.
Recommendations
For Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5, update to a version that properly handles the return value from the unspecified function to prevent denial of service attacks.
For RSLogix 5000 versions 17 through 20, update to a version that properly handles the return value from the unspecified function to prevent denial of service attacks.
Affected products
Factorytalk Cpr9
Rslogix 5000