210 matches found
CVE-2012-6442
When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. This situation could cause loss of availability and a disruption of communicatio...
Design/Logic Flaw
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and...
Design/Logic Flaw
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and...
CVE-2012-6436 Rockwell Automation ControlLogix PLC Improper Input Validation
The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. Successful exploitation of this vulnerability could...
CVE-2012-6437 Rockwell Automation ControlLogix PLC Improper Authentication
The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and...
CVE-2012-6441 Rockwell Automation ControlLogix PLC Information Exposure
An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality. Rockwell Automation EtherNet/I...
CVE-2012-6435
CVE-2012-6435 affects Rockwell Automation EtherNet/IP products (e.g., 1756-ENBT/ENBT, 1768-ENBT/EWEB, CompactLogix L32E/L35E, 1788-ENBT, 1794-AENTR, MicroLogix 1100/1400, and various ControlLogix/GuardLogix/SoftLogix platforms). The issue allows a CIP message from an unauthorized source to ports ...
CVE-2012-6440 Rockwell Automation ControlLogix PLC Improper Input Validation
The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information. Rockwell...
CVE-2012-6441
CVE-2012-6441 is an information-exposure vulnerability affecting Rockwell Automation EtherNet/IP products, including 1756-ENBT/1768-ENBT/1768-EWEB modules, CompactLogix/L18-L19 controllers, GuardLogix, SoftLogix, MicroLogix 1100/1400, and associated NICs and adapters. The issue arises when the de...
CVE-2012-6439 Rockwell Automation ControlLogix PLC Improper Access Control
When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s configuration and network parameters, a DoS condition can occur. This situation could cause loss of...
ROCKWELL Automation ControlLogix EtherNET/IP Reset Command Denial Of Service
...
ROCKWELL Automation ControlLogix EtherNET/IP Firmware Update Initialization
...
ROCKWELL Automation ControlLogix Crash 1756-ENBT Module (CrashEth)
...
ROCKWELL Automation ControlLogix Denial of Service (Crash CPU)
...
ROCKWELL Automation ControlLogix Denial of Service (CPU Stop)
...
ROCKWELL Automation ControlLogix EtherNET/IP Modules Boot Code Dump (Dump)
...
Design/Logic Flaw
The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603...
CVE-2009-0474
The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603...
CVE-2009-0472
Multiple cross-site scripting XSS vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...