Rockwellautomation Rslogix Improper Restriction of Operations within the Bounds of a Memory Buffer

2019-11-08T00:00:00
ID OT_500146.NASL
Type nessus
Reporter This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2019-11-08T00:00:00

Description

RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field.

                                        
                                            File data ot_500146.nasl