CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2012-6437

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1130%
EPSS Percentile26.55th
Published2013年1月24日
Last Modified2026年6月3日

Vulnerability Description

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Affected Platforms (CPE)

📦
Rockwellautomation

Controllogix Controllers

<= 20
📦
Rockwellautomation

Guardlogix Controllers

<= 20
📦
Rockwellautomation

Micrologix

<= 1100
📦
Rockwellautomation

Micrologix

<= 1400
📦
Rockwellautomation

Softlogix Controllers

<= 19
🔌
Rockwellautomation

1756 Enbt

All versions
🔌
Rockwellautomation

1756 Eweb

All versions
🔌
Rockwellautomation

1768 Enbt

All versions
🔌
Rockwellautomation

1768 Eweb

All versions
🔌
Rockwellautomation

1794 Aentr Flex I\/o Ethernet\/ip Adapter

All versions
🔌
Rockwellautomation

Compactlogix

<= 18
🔌
Rockwellautomation

Compactlogix Controllers

<= 19
🔌
Rockwellautomation

Compactlogix L32e Controller

All versions
🔌
Rockwellautomation

Compactlogix L35e Controller

All versions
🔌
Rockwellautomation

Controllogix

<= 18
🔌
Rockwellautomation

Flexlogix 1788 Enbt Adapter

All versions
🔌
Rockwellautomation

Guardlogix

<= 18
🔌
Rockwellautomation

Softlogix

<= 18

References & Advisories

🔗 http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102
🔗 https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154
🔗 https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155
🔗 https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156
🔗 https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03
🔗 http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf

相關漏洞威脅

CVE-2021-226819.8

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify ...

CVE-2018-179248.6

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat act...

CVE-2012-64398.5

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP,...

CVE-2012-64357.5

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, P...