Описание
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:softlogix_5800_controller_firmware:18.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:softlogix_5800_controller_firmware:19.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:softlogix_5800_controller_firmware:20.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:softlogix_5800_controller_firmware:21.00:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:softlogix_5800_controller:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:rslogix_emulate_5000_firmware:18.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:rslogix_emulate_5000_firmware:19.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:rslogix_emulate_5000_firmware:20.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:rslogix_emulate_5000_firmware:21.00:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:rslogix_emulate_5000:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:16.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:17.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:18.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:19.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.010:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.017:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:21.00:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5570_controller:-:*:*:*:*:*:*:*
Конфигурация 4
Одновременно
cpe:2.3:o:rockwellautomation:flexlogix_l34_controller_firmware:16.00:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:flexlogix_l34_controller:-:*:*:*:*:*:*:*
Конфигурация 5
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:controllogix_l55_controller_firmware:16.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_l55_controller_firmware:16.020:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_l55_controller_firmware:16.022:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_l55_controller:-:*:*:*:*:*:*:*
Конфигурация 6
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.050:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.055:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:21.00:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5570_redundant_controller:-:*:*:*:*:*:*:*
Конфигурация 7
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:18.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:19.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:20.010:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:20.013:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:21.00:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5570_controller:-:*:*:*:*:*:*:*
Конфигурация 8
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:16.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:19.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:20.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:20.050:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:20.055:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5560_redundant_controller:-:*:*:*:*:*:*:*
Конфигурация 9
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:16.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:16.020:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:16.022:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:17.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:18.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:19.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:20.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:20.010:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:20.013:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5560_controller:-:*:*:*:*:*:*:*
Конфигурация 10
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:16.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:16.020:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:16.023:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:17.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:18.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:19.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:20.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:20.010:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:20.013:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1769_compactlogix_l3x_controller:-:*:*:*:*:*:*:*
Конфигурация 11
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:16.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:17.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:18.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:19.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:20.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:20.010:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:20.013:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1769_compactlogix_l23x_controller:-:*:*:*:*:*:*:*
Конфигурация 12
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l3_controller_firmware:20.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l3_controller_firmware:20.010:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l3_controller_firmware:20.013:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l3_controller_firmware:21.00:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1769_compactlogix_5370_l3_controller:-:*:*:*:*:*:*:*
Конфигурация 13
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l2_controller_firmware:20.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l2_controller_firmware:20.010:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l2_controller_firmware:20.013:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l2_controller_firmware:21.00:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1769_compactlogix_5370_l2_controller:-:*:*:*:*:*:*:*
Конфигурация 14
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l1_controller_firmware:20.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l1_controller_firmware:20.010:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l1_controller_firmware:20.013:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l1_controller_firmware:21.00:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1769_compactlogix_5370_l1_controller:-:*:*:*:*:*:*:*
Конфигурация 15
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:16.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:16.020:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:16.025:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:17.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:18.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:19.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:20.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:20.011:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:20.016:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1768_compactlogix_l4x_controller:-:*:*:*:*:*:*:*
Конфигурация 16
Одновременно
Одно из
cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:18.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:19.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:20.00:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:20.011:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:20.013:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1768_compact_guardlogix_l4xs_controller:-:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00069
Низкий
10 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 10
github
больше 3 лет назад
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.
EPSS
Процентиль: 21%
0.00069
Низкий
10 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-787