CVE-2018-14829

Name of the Vulnerable Software and Affected Versions Rockwell Automation RSLinx Classic versions 4.00.01 and prior

Description The issue allows a remote threat actor to send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. It also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code. This is due to a buffer overflow vulnerability in the ENGINE.dll file of the RSLinx Classic server, which can be exploited by sending specially crafted CIP packets to port 44818, potentially allowing an attacker to execute arbitrary code or cause a denial of service.

Recommendations For versions 4.00.01 and prior, consider disabling access to Port 44818 as a temporary workaround until a patch is available. Restrict access to the ENGINE.dll file to minimize the risk of exploitation. Avoid using the CIP protocol in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.