CVE-2012-4714

Name of the Vulnerable Software and Affected Versions Rockwell Automation FactoryTalk Services Platform (FTSP) versions CPR9 through CPR9-SR6

Description The issue is related to an integer overflow in the RNADiagnostics.dll component. This allows remote attackers to cause a denial of service, potentially resulting in a service outage or a crash of the RNADiagReceiver.exe daemon. The attack is facilitated by sending UDP data that specifies a large integer value.

Recommendations For Rockwell Automation FactoryTalk Services Platform (FTSP) versions CPR9 through CPR9-SR6, consider restricting access to the RNADiagnostics.dll component to minimize the risk of exploitation. As a temporary workaround, limiting the size of integer values accepted via UDP data may help mitigate the issue until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.