CVE-2012-0221

2022-10-0316:15:41

CWE-20

[email protected]

web.nvd.nist.gov

cve-2012-0221

factorytalk

rnadiagreceiver

rockwell automation

allen-bradley

cpr9

sr5

rslogix 5000

denial of service

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.7 Medium

AI Score

Confidence

High

0.106 Low

EPSS

Percentile

95.1%

JSON

The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet.

Affected configurations

NVD

Node

rockwellautomationfactorytalkMatchcpr9

rockwellautomationfactorytalkMatchcpr9_sr5

rockwellautomationrslogix_5000Match17

rockwellautomationrslogix_5000Match18

rockwellautomationrslogix_5000Match19

rockwellautomationrslogix_5000Match20

CPENameOperatorVersion
rockwellautomation:factorytalkrockwellautomation factorytalkeqcpr9
rockwellautomation:factorytalkrockwellautomation factorytalkeqcpr9_sr5
rockwellautomation:rslogix_5000rockwellautomation rslogix 5000eq17
rockwellautomation:rslogix_5000rockwellautomation rslogix 5000eq18
rockwellautomation:rslogix_5000rockwellautomation rslogix 5000eq19
rockwellautomation:rslogix_5000rockwellautomation rslogix 5000eq20

CPE	Name	Operator	Version
rockwellautomation:factorytalk	rockwellautomation factorytalk	eq	cpr9
rockwellautomation:factorytalk	rockwellautomation factorytalk	eq	cpr9_sr5
rockwellautomation:rslogix_5000	rockwellautomation rslogix 5000	eq	17
rockwellautomation:rslogix_5000	rockwellautomation rslogix 5000	eq	18
rockwellautomation:rslogix_5000	rockwellautomation rslogix 5000	eq	19
rockwellautomation:rslogix_5000	rockwellautomation rslogix 5000	eq	20