CVE-2012-6436

Name of the Vulnerable Software and Affected Versions Rockwell Automation EtherNet/IP products versions prior to the fixed version Rockwell Automation 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules versions prior to the fixed version Rockwell Automation CompactLogix L32E and L35E controllers versions prior to the fixed version Rockwell Automation 1788-ENBT FLEXLogix adapter versions prior to the fixed version Rockwell Automation 1794-AENTR FLEX I/O EtherNet/IP adapter versions prior to the fixed version Rockwell Automation ControlLogix 18 and earlier Rockwell Automation CompactLogix 18 and earlier Rockwell Automation GuardLogix 18 and earlier Rockwell Automation SoftLogix 18 and earlier Rockwell Automation CompactLogix controllers 19 and earlier Rockwell Automation SoftLogix controllers 19 and earlier Rockwell Automation ControlLogix controllers 20 and earlier Rockwell Automation GuardLogix controllers 20 and earlier Rockwell Automation MicroLogix 1100 and 1400 versions prior to the fixed version

Description A buffer overflow issue in Rockwell Automation EtherNet/IP products allows remote attackers to cause a denial of service (CPU crash and communication outage) via a malformed CIP packet.

Recommendations For Rockwell Automation EtherNet/IP products, update to a version that includes the fix for this issue. For Rockwell Automation 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules, update to a version that includes the fix for this issue. For Rockwell Automation CompactLogix L32E and L35E controllers, update to a version that includes the fix for this issue. For Rockwell Automation 1788-ENBT FLEXLogix adapter, update to a version that includes the fix for this issue. For Rockwell Automation 1794-AENTR FLEX I/O EtherNet/IP adapter, update to a version that includes the fix for this issue. For Rockwell Automation ControlLogix 18 and earlier, update to a version later than 18. For Rockwell Automation CompactLogix 18 and earlier, update to a version later than 18. For Rockwell Automation GuardLogix 18 and earlier, update to a version later than 18. For Rockwell Automation SoftLogix 18 and earlier, update to a version later than 18. For Rockwell Automation CompactLogix controllers 19 and earlier, update to a version later than 19. For Rockwell Automation SoftLogix controllers 19 and earlier, update to a version later than 19. For Rockwell Automation ControlLogix controllers 20 and earlier, update to a version later than 20. For Rockwell Automation GuardLogix controllers 20 and earlier, update to a version later than 20. For Rockwell Automation MicroLogix 1100 and 1400, update to a version that includes the fix for this issue.