Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2012-6440
HistoryJan 24, 2013 - 9:55 p.m.

CVE-2012-6440

2013-01-2421:55:01
CWE-287
[email protected]
web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.1%

JSON

The web-server password-authentication functionality in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows man-in-the-middle attackers to conduct replay attacks via HTTP traffic.

Affected configurations

NVD
Node
rockwellautomationcontrollogix_controllersRange20
OR
rockwellautomationguardlogix_controllersRange20
OR
rockwellautomationmicrologixRange1100
OR
rockwellautomationmicrologixRange1400
OR
rockwellautomationsoftlogix_controllersRange19
OR
rockwellautomation1756-enbtMatch-
OR
rockwellautomation1756-ewebMatch-
OR
rockwellautomation1768-enbtMatch-
OR
rockwellautomation1768-ewebMatch-
OR
rockwellautomation1794-aentr_flex_i\/o_ethernet\/ip_adapterMatch-
OR
rockwellautomationcompactlogixRange18
OR
rockwellautomationcompactlogix_controllersRange19
OR
rockwellautomationcompactlogix_l32e_controllerMatch-
OR
rockwellautomationcompactlogix_l35e_controllerMatch-
OR
rockwellautomationcontrollogixRange18
OR
rockwellautomationflexlogix_1788-enbt_adapterMatch-
OR
rockwellautomationguardlogixRange18
OR
rockwellautomationsoftlogixRange18

Related

cve 1
cvelist 1
nessus 3
prion 1
ics 1
cve
cve
CVE-2012-6440
2022-10-03 16:15:28
cvelist
cvelist
CVE-2012-6440
2022-10-03 16:15:28
nessus
nessus
Rockwell ControlLogix controllers Improper Authentication (CVE-2012-6440)
2022-02-07 00:00:00
Rockwellautomation Controllogix Improper Authentication
2019-11-08 00:00:00
Allen-Bradley MicroLogix 1400 Multiple Vulnerabilities
2016-05-27 00:00:00
prion
prion
Authentication flaw
2013-01-24 21:55:00
ics
ics
Rockwell Automation ControlLogix PLC Vulnerabilities
2019-02-13 12:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.1%

JSON
Related for NVD:CVE-2012-6440
cve1cvelist1nessus3prion1ics1