Authentication Flaw in Rockwell Automation EtherNet/IP Products
CVE-2012-6437

Currently unrated

What is CVE-2012-6437?

Rockwell Automation's EtherNet/IP products, including various communication modules and controllers, do not adequately authenticate firmware updates. Remote attackers can exploit this flaw to execute arbitrary code by delivering a malicious firmware update. Organizations using the affected products are urged to assess their firmware update processes and implement security measures to mitigate potential attacks.

Affected Version(s)

1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules: All

1788-ENBT FLEXLogix adapter: All

1794-AENTR FLEX I/O EtherNet/IP adapter: All

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published
