PT-2013-1948 · Rockwell Automation · GuardLogix +14
Published: 2013-01-24 · Updated: 2025-06-30 · CVE-2012-6440
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Rockwell Automation EtherNet/IP products versions prior to the fixed version
1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules versions prior to the fixed version
CompactLogix L32E and L35E controllers versions prior to the fixed version
1788-ENBT FLEXLogix adapter versions prior to the fixed version
1794-AENTR FLEX I/O EtherNet/IP adapter versions prior to the fixed version
ControlLogix versions 18 and earlier
CompactLogix versions 18 and earlier
GuardLogix versions 18 and earlier
SoftLogix versions 18 and earlier
CompactLogix controllers versions 19 and earlier
SoftLogix controllers versions 19 and earlier
ControlLogix controllers versions 20 and earlier
GuardLogix controllers versions 20 and earlier
MicroLogix 1100 and 1400 versions prior to the fixed version
Description
The web-server password-authentication functionality in the affected products allows man-in-the-middle attackers to conduct replay attacks via HTTP traffic.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Improper Authentication
Related Identifiers
Affected Products
1756-ENBT
1756-EWEB
1768-ENBT
1768-EWEB
1788-ENBT FLEXLogix Adapter
1794-AENTR FLEX I/O EtherNet/IP Adapter
CompactLogix
CompactLogix L32E
CompactLogix L35E
ControlLogix
GuardLogix
MicroLogix 1100
MicroLogix 1400
Rockwell Automation EtherNet/IP
SoftLogix