CVE-2016-9343
CVSS score: 10.0
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 6.0
Source: NVD
Description
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending a malformed Common Industrial Protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.
Affected (85)
Products: Rockwellautomation: Softlogix 5800 Controller Firmware, Rslogix Emulate 5000 Firmware, Guardlogix 5570 Controller Firmware, Flexlogix L34 Controller Firmware, Controllogix L55 Controller Firmware, Controllogix 5570 Redundant Controller Firmware, Controllogix 5570 Controller Firmware, Controllogix 5560 Redundant Controller Firmware, Controllogix 5560 Controller Firmware, 1769 Compactlogix L3x Controller Firmware, 1769 Compactlogix L23x Controller Firmware, 1769 Compactlogix 5370 L3 Controller Firmware, 1769 Compactlogix 5370 L2 Controller Firmware, 1769 Compactlogix 5370 L1 Controller Firmware, 1768 Compactlogix L4x Controller Firmware, 1768 Compact Guardlogix L4xs Controller Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 18.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation Softlogix 5800 Controller | All versions |

Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 18.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation Rslogix Emulate 5000 | All versions |

Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 16.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation Guardlogix 5570 Controller | All versions |

Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 16.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation Flexlogix L34 Controller | All versions |

Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 16.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation Controllogix L55 Controller | All versions |

Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 20.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation Controllogix 5570 Redundant Controller | All versions |

Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 18.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation Controllogix 5570 Controller | All versions |

Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 16.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation Controllogix 5560 Redundant Controller | All versions |

Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 16.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation Controllogix 5560 Controller | All versions |

Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 16.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation 1769 Compactlogix L3x Controller | All versions |

Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 16.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation 1769 Compactlogix L23x Controller | All versions |

Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 20.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation 1769 Compactlogix 5370 L3 Controller | All versions |

Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 20.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation 1769 Compactlogix 5370 L2 Controller | All versions |

Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 20.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation 1769 Compactlogix 5370 L1 Controller | All versions |

Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 16.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation 1768 Compactlogix L4x Controller | All versions |

Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 18.00 |

| Running on/with | Platform Versions |
|---|---|
| Rockwellautomation 1768 Compact Guardlogix L4xs Controller | All versions |

References (4)
Source: ics-cert@hq.dhs.gov
Third Party Advisory, US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory, VDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory, US Government Resource