Lucene search

[email protected]CVE-2012-6439

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-6439

2022-10-0316:15:27

[email protected]

web.nvd.nist.gov

cve-2012-6439

rockwell automation

ethernet/ip

denial of service

cip message

remote attack

communication outage

nvd

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:P/A:C

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.4%

JSON

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters.

Affected configurations

NVD

Node

rockwellautomationcontrollogix_controllersRange≤20

rockwellautomationguardlogix_controllersRange≤20

rockwellautomationmicrologixRange≤1100

rockwellautomationmicrologixRange≤1400

rockwellautomationsoftlogix_controllersRange≤19

rockwellautomation1756-enbtMatch-

rockwellautomation1756-ewebMatch-

rockwellautomation1768-enbtMatch-

rockwellautomation1768-ewebMatch-

rockwellautomation1794-aentr_flex_i\/o_ethernet\/ip_adapterMatch-

rockwellautomationcompactlogixRange≤18

rockwellautomationcompactlogix_controllersRange≤19

rockwellautomationcompactlogix_l32e_controllerMatch-

rockwellautomationcompactlogix_l35e_controllerMatch-

rockwellautomationcontrollogixRange≤18

rockwellautomationflexlogix_1788-enbt_adapterMatch-

rockwellautomationguardlogixRange≤18

rockwellautomationsoftlogixRange≤18

CPENameOperatorVersion
rockwellautomation:controllogix_controllersrockwellautomation controllogix controllersle20
rockwellautomation:guardlogix_controllersrockwellautomation guardlogix controllersle20
rockwellautomation:micrologixrockwellautomation micrologixle1100
rockwellautomation:micrologixrockwellautomation micrologixle1400
rockwellautomation:softlogix_controllersrockwellautomation softlogix controllersle19
rockwellautomation:1756-enbtrockwellautomation 1756-enbteq-
rockwellautomation:1756-ewebrockwellautomation 1756-ewebeq-
rockwellautomation:1768-enbtrockwellautomation 1768-enbteq-
rockwellautomation:1768-ewebrockwellautomation 1768-ewebeq-
rockwellautomation:1794-aentr_flex_i\/o_ethernet\/ip_adapterrockwellautomation 1794-aentr flex i/o ethernet/ip adaptereq-

CPE	Name	Operator	Version
rockwellautomation:controllogix_controllers	rockwellautomation controllogix controllers	le	20
rockwellautomation:guardlogix_controllers	rockwellautomation guardlogix controllers	le	20
rockwellautomation:micrologix	rockwellautomation micrologix	le	1100
rockwellautomation:micrologix	rockwellautomation micrologix	le	1400
rockwellautomation:softlogix_controllers	rockwellautomation softlogix controllers	le	19
rockwellautomation:1756-enbt	rockwellautomation 1756-enbt	eq	-
rockwellautomation:1756-eweb	rockwellautomation 1756-eweb	eq	-
rockwellautomation:1768-enbt	rockwellautomation 1768-enbt	eq	-
rockwellautomation:1768-eweb	rockwellautomation 1768-eweb	eq	-
rockwellautomation:1794-aentr_flex_i\/o_ethernet\/ip_adapter	rockwellautomation 1794-aentr flex i/o ethernet/ip adapter	eq	-