PT-2019-9708 · Rockwell Automation · Compactlogix+1
Published
2019-03-27
·
Updated
2019-10-09
·
CVE-2018-19016
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) versions 5.001 and earlier
Rockwell Automation CompactLogix 1768-EWEB versions 2.005 and earlier
Description
A remote attacker could send a crafted UDP packet to the SNMP service, causing a denial-of-service condition to occur until the affected product is restarted.
Recommendations
For Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) versions 5.001 and earlier, update to a version later than 5.001 to resolve the issue.
For Rockwell Automation CompactLogix 1768-EWEB versions 2.005 and earlier, update to a version later than 2.005 to resolve the issue.
As a temporary workaround, consider restricting access to the SNMP service until a patch is available.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Compactlogix
Ethernet/Ip Web Server Modules