Lucene search

[email protected]CVE-2016-5814

HistorySep 19, 2016 - 1:59 a.m.

CVE-2016-5814

2016-09-1901:59:05

CWE-119

[email protected]

web.nvd.nist.gov

cve

2016

5814

buffer overflow

rockwell automation

rslogix

micro starter lite

micro developer

500 starter edition

500 standard edition

500 professional edition

remote code execution

rss project file

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.6 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.5%

JSON

Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file.

Affected configurations

NVD

Node

rockwellautomationrslogix_500_professional_editionMatch-

rockwellautomationrslogix_500_standard_editionMatch-

rockwellautomationrslogix_500_starter_editionMatch-

rockwellautomationrslogix_micro_developerMatch-

rockwellautomationrslogix_micro_starter_liteMatch-

CPENameOperatorVersion
rockwellautomation:rslogix_500_professional_editionrockwellautomation rslogix 500 professional editioneq-
rockwellautomation:rslogix_500_standard_editionrockwellautomation rslogix 500 standard editioneq-
rockwellautomation:rslogix_500_starter_editionrockwellautomation rslogix 500 starter editioneq-
rockwellautomation:rslogix_micro_developerrockwellautomation rslogix micro developereq-
rockwellautomation:rslogix_micro_starter_literockwellautomation rslogix micro starter liteeq-

CPE	Name	Operator	Version
rockwellautomation:rslogix_500_professional_edition	rockwellautomation rslogix 500 professional edition	eq	-
rockwellautomation:rslogix_500_standard_edition	rockwellautomation rslogix 500 standard edition	eq	-
rockwellautomation:rslogix_500_starter_edition	rockwellautomation rslogix 500 starter edition	eq	-
rockwellautomation:rslogix_micro_developer	rockwellautomation rslogix micro developer	eq	-
rockwellautomation:rslogix_micro_starter_lite	rockwellautomation rslogix micro starter lite	eq	-

References

www.securityfocus.com/bid/92983

ics-cert.us-cert.gov/advisories/ICSA-16-224-02

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.6 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for CVE-2016-5814

nessus2 ics2 nvd1 prion1 zdi1 cvelist1