← Back

CVE-2012-6436

nvd nist
Published: Jan 24, 2013Modified: Jun 3, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Affected (18)

Rockwellautomation
17 products
1756 Enbt
1756 Eweb
1768 Enbt
1768 Eweb
1794 Aentr Flex I/o Ethernet/ip Adapter
Compactlogix
Compactlogix Controllers
Compactlogix L32e Controller
Compactlogix L35e Controller
Controllogix
Controllogix Controllers
Flexlogix 1788 Enbt Adapter
Guardlogix
Guardlogix Controllers
Micrologix
Softlogix
Softlogix Controllers
Configuration A
18 vulnerable
Vulnerable SoftwareAffected Versions
1756 Enbt
All versions
1756 Eweb
All versions
1768 Enbt
All versions
1768 Eweb
All versions
1794 Aentr Flex I/o Ethernet/ip Adapter
All versions
Compactlogix
Up to 18
Compactlogix Controllers
Up to 19
Compactlogix L32e Controller
All versions
Compactlogix L35e Controller
All versions
Controllogix
Up to 18
Controllogix Controllers
Up to 20
Flexlogix 1788 Enbt Adapter
All versions
Guardlogix
Up to 18
Guardlogix Controllers
Up to 20
Micrologix
Up to 1100
Micrologix
Up to 1400
Softlogix
Up to 18
Softlogix Controllers
Up to 19

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

Source: ics-cert@hq.dhs.gov
Source: ics-cert@hq.dhs.gov
Source: ics-cert@hq.dhs.gov
Source: ics-cert@hq.dhs.gov
Source: ics-cert@hq.dhs.gov
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource

Timeline

No history available yet.