Authentication Flaw in Rockwell Automation EtherNet/IP Products
CVE-2012-6437

Currently unrated

Key Information:

Vendor

Rockwell Automation
Status
1756-enbt, 1756-eweb, 1768-enbt, 1768-eweb Communication Modules
Compactlogix L32e And L35e Controllers
1788-enbt Flexlogix Adapter
1794-aentr Flex I/o Ethernet/ip Adapter
Vendor
CVE Published:
24 January 2013

What is CVE-2012-6437?

Rockwell Automation's EtherNet/IP products, including various communication modules and controllers, are susceptible to an authentication vulnerability that fails to adequately secure firmware updates. This flaw enables remote attackers to exploit the system by executing arbitrary code via a malicious firmware update. Organizations using these affected products are urged to assess their firmware update processes and implement security measures to mitigate potential attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules All

1788-ENBT FLEXLogix adapter All

1794-AENTR FLEX I/O EtherNet/IP adapter All

References

https://www.cisa.gov/news-events/ics-advisories/icsa-13-0...
https://rockwellautomation.custhelp.com/app/answers/detai...
https://rockwellautomation.custhelp.com/app/answers/detai...

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.