CVE-2014-9204

Name of the Vulnerable Software and Affected Versions RSLinx Classic versions prior to 3.73.00

Description The issue is caused by a stack-based buffer overflow in the RSLinx Classic communication server's dynamic linking library. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability can be exploited via a crafted CSV file.

Recommendations For versions prior to 3.73.00, update to version 3.73.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the OPCTest.exe executable until a patch is applied. Avoid using crafted CSV files in the affected application until the issue is resolved.