Lucene search

[email protected]CVE-2012-6437

HistoryJan 24, 2013 - 9:55 p.m.

CVE-2012-6437

2013-01-2421:55:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2012-6437

rockwell automation

ethernet/ip

authentication bypass

firmware update

remote code execution

nvd

8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

47.0%

JSON

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image.

CPENameOperatorVersion
rockwellautomation:guardlogix_controllersrockwellautomation guardlogix controllersle20
rockwellautomation:compactlogix_controllersrockwellautomation compactlogix controllersle19
rockwellautomation:1794-aentr_flex_i\/o_ethernet\/ip_adapterrockwellautomation 1794-aentr flex i\/o ethernet\/ip adaptereq-
rockwellautomation:flexlogix_1788-enbt_adapterrockwellautomation flexlogix 1788-enbt adaptereq-
rockwellautomation:micrologixrockwellautomation micrologixle1400
rockwellautomation:guardlogixrockwellautomation guardlogixle18
rockwellautomation:micrologixrockwellautomation micrologixle1100
rockwellautomation:1768-enbtrockwellautomation 1768-enbteq-
rockwellautomation:1756-enbtrockwellautomation 1756-enbteq-
rockwellautomation:compactlogixrockwellautomation compactlogixle18

CPE	Name	Operator	Version
rockwellautomation:guardlogix_controllers	rockwellautomation guardlogix controllers	le	20
rockwellautomation:compactlogix_controllers	rockwellautomation compactlogix controllers	le	19
rockwellautomation:1794-aentr_flex_i\/o_ethernet\/ip_adapter	rockwellautomation 1794-aentr flex i\/o ethernet\/ip adapter	eq	-
rockwellautomation:flexlogix_1788-enbt_adapter	rockwellautomation flexlogix 1788-enbt adapter	eq	-
rockwellautomation:micrologix	rockwellautomation micrologix	le	1400
rockwellautomation:guardlogix	rockwellautomation guardlogix	le	18
rockwellautomation:micrologix	rockwellautomation micrologix	le	1100
rockwellautomation:1768-enbt	rockwellautomation 1768-enbt	eq	-
rockwellautomation:1756-enbt	rockwellautomation 1756-enbt	eq	-
rockwellautomation:compactlogix	rockwellautomation compactlogix	le	18

Rows per page:

1-10 of 181

References

www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf

8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

47.0%

JSON

Related for CVE-2012-6437

nessus4 prion1 cvelist1 ics1