CVE-2013-2807

Name of the Vulnerable Software and Affected Versions Rockwell Automation RSLinx Enterprise Software versions CPR9 through CPR9-SR6

Description The issue arises from incorrect handling of input, resulting in a logic error when calculating the Total Record Size field. This can be exploited by sending a modified datagram to the service over Port 4444/UDP, specifically by altering the Record Data Size field to an oversized value. This causes the service to calculate an undersized Total Record Size, leading to an out-of-bounds read access violation and subsequent service crash. The service can be recovered with a manual reboot.

Recommendations For versions CPR9 through CPR9-SR6, refer to the Rockwell Automation Security Advisory for patches and detailed information on resolving the issue.