PT-2017-10073 · Rockwell Automation · Logix5000
Published: 2017-02-13 · Updated: 2022-02-03 · CVE-2016-9343
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Rockwell Automation Logix5000 Programmable Automation Controller versions 16.00 through 21.00
Description
A malformed Common Industrial Protocol (CIP) packet can overflow a stack-based buffer on the controller. An attacker who sends such a packet can potentially execute code on the controller or initiate a denial of service.
Recommendations
For versions 16.00 through 21.00, to prevent potential exploitation, consider restricting access to the CIP protocol until a fix is available.
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Logix5000