Controllogix Security Vulnerabilities and Issues — Controllogix CVE List

Lucene search

RockwellautomationControllogix

7 matches found

CVE•added 2013/01/24 9:55 p.m.•76 views

CVE-2012-6437

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confid...

10CVSS6.5AI score0.24089EPSS

CVE•added 2013/01/24 9:55 p.m.•71 views

CVE-2012-6440

The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information. Rockwell Aut...

9.3CVSS6.6AI score0.00897EPSS

CVE•added 2013/01/24 9:55 p.m.•69 views

CVE-2012-6435

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. This situation could cause loss of availability...

7.8CVSS6.4AI score0.24133EPSS

CVE•added 2013/01/24 9:55 p.m.•63 views

CVE-2012-6439

When an affectedproduct receives a valid CIP message from an unauthorized or unintendedsource to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port44818/UDP that changes the product’s configuration and networkparameters, a DoS condition can occur. This situation could cause lossof availability a...

8.5CVSS6.3AI score0.03139EPSS

CVE•added 2013/01/24 9:55 p.m.•61 views

CVE-2012-6441

An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality. Rockwell Automation EtherNet/IP ...

5CVSS6AI score0.02309EPSS

CVE•added 2013/01/24 9:55 p.m.•60 views

CVE-2012-6438

The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the NIC to crash. Successful exploitation of this vulnerability could c...

7.8CVSS6.7AI score0.31454EPSS

CVE•added 2013/01/24 9:55 p.m.•57 views

CVE-2012-6436

The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. Successful exploitation of this vulnerability could c...

7.8CVSS6.7AI score0.19083EPSS