Denial of Service Vulnerability in Rockwell Automation EtherNet/IP Products
CVE-2012-6442

Currently unrated

Key Information:

Vendor

Rockwell Automation
Status
1756-enbt, 1756-eweb, 1768-enbt, 1768-eweb Communication Modules
Compactlogix L32e And L35e Controllers
1788-enbt Flexlogix Adapter
1794-aentr Flex I/o Ethernet/ip Adapter
Vendor
CVE Published:
24 January 2013

What is CVE-2012-6442?

Certain Rockwell Automation EtherNet/IP products have a vulnerability that allows remote attackers to disrupt control and communication functionalities. By sending a specially crafted CIP message that instructs a system reset, an attacker may trigger significant service interruptions. This impacts numerous devices across various series, including ControlLogix and CompactLogix, posing risks to operational reliability and safety.

Affected Version(s)

1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules All

1788-ENBT FLEXLogix adapter All

1794-AENTR FLEX I/O EtherNet/IP adapter All

References

https://www.cisa.gov/news-events/ics-advisories/icsa-13-0...
https://rockwellautomation.custhelp.com/app/answers/detai...
https://rockwellautomation.custhelp.com/app/answers/detai...

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.