Denial of Service Vulnerability in Rockwell Automation EtherNet/IP Products
CVE-2012-6442

7.5HIGH

Key Information:

Vendor: Rockwell Automation
Status: 1756-enbt, 1756-eweb, 1768-enbt, 1768-eweb Communication Modules; Compactlogix L32e And L35e Controllers; 1788-enbt Flexlogix Adapter; 1794-aentr Flex I/o Ethernet/ip Adapter
Vendor: CVE Published:; 24 January 2013

🔔 Create Rockwell Automation Vulnerability Alert

What is CVE-2012-6442?

Certain Rockwell Automation EtherNet/IP products have a vulnerability that allows remote attackers to disrupt control and communication functionalities. By sending a specially crafted CIP message that instructs a system reset, an attacker may trigger significant service interruptions. This impacts numerous devices across various series, including ControlLogix and CompactLogix, posing risks to operational reliability and safety.

Affected Version(s)

1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules All

1788-ENBT FLEXLogix adapter All

1794-AENTR FLEX I/O EtherNet/IP adapter All

References

https://www.cisa.gov/news-events/ics-advisories/icsa-13-0...

https://rockwellautomation.custhelp.com/app/answers/detai...

EPSS Score

32% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 24, 2013

CVE-2012-6442 Data

JSON