Logic Error in Rockwell Automation RSLinx Enterprise Software
CVE-2013-2805
7.5 HIGH
Summary
Rockwell Automation RSLinx Enterprise Software contains a logic error in how it processes input. If the software receives a datagram with an oversized value in the 'Record Data Size' field, an out-of-bounds read access violation occurs and the service crashes. Recovery requires a manual reboot of the service. For further details and patches, see Rockwell Automation’s Security Advisory.
Affected Version(s)
RSLinx Enterprise Software CPR9
RSLinx Enterprise Software CPR9-SR1
RSLinx Enterprise Software CPR9-SR2
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved