CVE-2012-6442

Name of the Vulnerable Software and Affected Versions Rockwell Automation EtherNet/IP products versions 18 and earlier Rockwell Automation EtherNet/IP products versions 19 and earlier Rockwell Automation EtherNet/IP products versions 20 and earlier 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules CompactLogix L32E and L35E controllers 1788-ENBT FLEXLogix adapter 1794-AENTR FLEX I/O EtherNet/IP adapter MicroLogix 1100 and 1400

Description The issue allows remote attackers to cause a denial of service, resulting in control and communication outage, via a CIP message that specifies a reset.

Recommendations For Rockwell Automation EtherNet/IP products versions 18 and earlier, update to a version later than 18 to resolve the issue. For Rockwell Automation EtherNet/IP products versions 19 and earlier, update to a version later than 19 to resolve the issue. For Rockwell Automation EtherNet/IP products versions 20 and earlier, update to a version later than 20 to resolve the issue. For 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules, consider disabling the CIP message reset functionality until a patch is available. For CompactLogix L32E and L35E controllers, restrict access to the CIP message functionality to minimize the risk of exploitation. For 1788-ENBT FLEXLogix adapter and 1794-AENTR FLEX I/O EtherNet/IP adapter, avoid using the CIP message reset functionality in the affected modules until the issue is resolved. For MicroLogix 1100 and 1400, consider implementing configuration changes to prevent the CIP message reset functionality from being exploited.