CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-14829

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1220%
EPSS Percentile6.48th
Published2018年9月20日
Last Modified2024年11月21日

Vulnerability Description

Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.

Affected Platforms (CPE)

📦
Rockwellautomation

Rslinx

<= 4.00.01

References & Advisories

🔗 https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02
🔗 https://www.tenable.com/security/research/tra-2018-26
🔗 https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02
🔗 https://www.tenable.com/security/research/tra-2018-26

関連する脆弱性情報

CVE-2012-471510.0

Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5...

CVE-2020-120019.8

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and p...

CVE-2019-65539.8

A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll fi...

CVE-2011-25309.3

Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLin...