The remote host has a version of RSLinx Classic installed that is prior to 3.73.00. It is, therefore, affected by an arbitrary code execution vulnerability due an overflow condition caused by improper validation of user-supplied input. A local attacker can exploit this, via a specially crafted comma-separated value (CSV) file, to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
Binary data scada_rslinx_classic_3_73_00.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
rockwellautomation | rslinx_classic | cpe:/a:rockwellautomation:rslinx_classic |