PT-2013-1317 · Rockwell Automation · 1788-ENBT FLEXLogix Adapter
Published: 2013-01-24 · Updated: 2026-06-03 · CVE-2012-6437
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Rockwell Automation EtherNet/IP products versions 18 and earlier
Rockwell Automation EtherNet/IP products versions 19 and earlier
Rockwell Automation EtherNet/IP products versions 20 and earlier
1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules (affected versions not specified)
CompactLogix L32E and L35E controllers (affected versions not specified)
1788-ENBT FLEXLogix adapter (affected versions not specified)
1794-AENTR FLEX I/O EtherNet/IP adapter (affected versions not specified)
MicroLogix 1100 and 1400 (affected versions not specified)
Description
Rockwell Automation products do not adequately authenticate Ethernet firmware updates. A remote attacker can exploit this to execute arbitrary code by supplying modified firmware (a Trojan horse update image).
Recommendations
For Rockwell Automation EtherNet/IP products versions 18 and earlier, update to a version later than 18 to resolve the issue.
For Rockwell Automation EtherNet/IP products versions 19 and earlier, update to a version later than 19 to resolve the issue.
For Rockwell Automation EtherNet/IP products versions 20 and earlier, update to a version later than 20 to resolve the issue.
For the 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules, the CompactLogix L32E and L35E controllers, the 1788-ENBT FLEXLogix adapter, the 1794-AENTR FLEX I/O EtherNet/IP adapter, and the MicroLogix 1100 and 1400, there is currently no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Improper Authentication
Affected Products
1756-ENBT
1756-EWEB
1768-ENBT
1768-EWEB
1788-ENBT FLEXLogix Adapter
1794-AENTR FLEX I/O EtherNet/IP Adapter
CompactLogix L32E
CompactLogix L35E
EtherNet/IP
MicroLogix 1100
MicroLogix 1400