CVE-2016-5814

Name of the Vulnerable Software and Affected Versions Rockwell Automation RSLogix Micro Starter Lite (affected versions not specified) Rockwell Automation RSLogix Micro Developer (affected versions not specified) Rockwell Automation RSLogix 500 Starter Edition (affected versions not specified) Rockwell Automation RSLogix 500 Standard Edition (affected versions not specified) Rockwell Automation RSLogix 500 Professional Edition (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary code via a crafted RSS project file, due to a buffer overflow in the project file parsing mechanism. This can lead to remote code execution.

Recommendations For Rockwell Automation RSLogix Micro Starter Lite, update to a version that fixes the buffer overflow issue. For Rockwell Automation RSLogix Micro Developer, update to a version that fixes the buffer overflow issue. For Rockwell Automation RSLogix 500 Starter Edition, update to a version that fixes the buffer overflow issue. For Rockwell Automation RSLogix 500 Standard Edition, update to a version that fixes the buffer overflow issue. For Rockwell Automation RSLogix 500 Professional Edition, update to a version that fixes the buffer overflow issue. As a temporary workaround, consider restricting the use of crafted RSS project files until a patch is available.