    6 vulnerabilities found for RSLinx Enterprise Software by Rockwell Automation

    CVE-2013-2805 (GCVE-0-2013-2805)

    Vulnerability from nvd – Published: 2019-03-26 17:04 – Updated: 2024-08-06 15:52
    Summary
    Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - Out-of-bounds read CWE-125
    Impacted products
    Vendor: Rockwell Automation
    Product: RSLinx Enterprise Software
    Affected versions: CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, CPR9-SR6
    Date Public
    2013-10-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:52:20.500Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSLinx Enterprise Software",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPR9"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR1"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR2"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR3"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR4"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR5"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR5.1"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR6"
                }
              ]
            }
          ],
          "datePublic": "2013-10-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the \u201cRecord Data Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds read CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-26T17:04:00.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2013-2805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSLinx Enterprise Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CPR9"
                              },
                              {
                                "version_value": "CPR9-SR1"
                              },
                              {
                                "version_value": "CPR9-SR2"
                              },
                              {
                                "version_value": "CPR9-SR3"
                              },
                              {
                                "version_value": "CPR9-SR4"
                              },
                              {
                                "version_value": "CPR9-SR5"
                              },
                              {
                                "version_value": "CPR9-SR5.1"
                              },
                              {
                                "version_value": "CPR9-SR6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rockwell Automation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the \u201cRecord Data Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds read CWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2013-2805",
        "datePublished": "2019-03-26T17:04:00.000Z",
        "dateReserved": "2013-04-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:52:20.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2807 (GCVE-0-2013-2807)

    Vulnerability from nvd – Published: 2019-03-26 16:35 – Updated: 2024-08-06 15:52
    Summary
    Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
    Severity
    No CVSS data available.
    CWE
    • CWE-190 - Integer overflow CWE-190
    Impacted products
    Vendor: Rockwell Automation
    Product: RSLinx Enterprise Software
    Affected versions: CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, CPR9-SR6
    Date Public
    2013-10-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:52:20.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSLinx Enterprise Software",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPR9"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR1"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR2"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR3"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR4"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR5"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR5.1"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR6"
                }
              ]
            }
          ],
          "datePublic": "2013-10-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cTotal Record Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size\u201d that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer overflow CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-26T16:44:28.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2013-2807",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSLinx Enterprise Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CPR9"
                              },
                              {
                                "version_value": "CPR9-SR1"
                              },
                              {
                                "version_value": "CPR9-SR2"
                              },
                              {
                                "version_value": "CPR9-SR3"
                              },
                              {
                                "version_value": "CPR9-SR4"
                              },
                              {
                                "version_value": "CPR9-SR5"
                              },
                              {
                                "version_value": "CPR9-SR5.1"
                              },
                              {
                                "version_value": "CPR9-SR6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rockwell Automation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cTotal Record Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size\u201d that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Integer overflow CWE-190"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2013-2807",
        "datePublished": "2019-03-26T16:35:16.000Z",
        "dateReserved": "2013-04-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:52:20.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2806 (GCVE-0-2013-2806)

    Vulnerability from nvd – Published: 2019-03-26 16:47 – Updated: 2024-08-06 15:52
    Summary
    Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size.” Then the service will calculate an incorrect value for the “End of Current Record” field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
    Severity
    No CVSS data available.
    CWE
    • CWE-190 - Integer overflow CWE-190
    Impacted products
    Vendor: Rockwell Automation
    Product: RSLinx Enterprise Software
    Affected versions: CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, CPR9-SR6
    Date Public
    2013-10-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:52:21.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSLinx Enterprise Software",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPR9"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR1"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR2"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR3"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR4"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR5"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR5.1"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR6"
                }
              ]
            }
          ],
          "datePublic": "2013-10-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cEnd of Current Record\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size.\u201d Then the service will calculate an incorrect value for the \u201cEnd of Current Record\u201d field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer overflow CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-26T16:47:23.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2013-2806",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSLinx Enterprise Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CPR9"
                              },
                              {
                                "version_value": "CPR9-SR1"
                              },
                              {
                                "version_value": "CPR9-SR2"
                              },
                              {
                                "version_value": "CPR9-SR3"
                              },
                              {
                                "version_value": "CPR9-SR4"
                              },
                              {
                                "version_value": "CPR9-SR5"
                              },
                              {
                                "version_value": "CPR9-SR5.1"
                              },
                              {
                                "version_value": "CPR9-SR6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rockwell Automation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cEnd of Current Record\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size.\u201d Then the service will calculate an incorrect value for the \u201cEnd of Current Record\u201d field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Integer overflow CWE-190"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2013-2806",
        "datePublished": "2019-03-26T16:47:24.000Z",
        "dateReserved": "2013-04-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:52:21.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2805 (GCVE-0-2013-2805)

    Vulnerability from cvelistv5 – Published: 2019-03-26 17:04 – Updated: 2024-08-06 15:52
    Summary
    Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - Out-of-bounds read CWE-125
    Impacted products
    Vendor: Rockwell Automation
    Product: RSLinx Enterprise Software
    Affected versions: CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, CPR9-SR6
    Date Public
    2013-10-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:52:20.500Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSLinx Enterprise Software",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPR9"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR1"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR2"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR3"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR4"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR5"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR5.1"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR6"
                }
              ]
            }
          ],
          "datePublic": "2013-10-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the \u201cRecord Data Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds read CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-26T17:04:00.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2013-2805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSLinx Enterprise Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CPR9"
                              },
                              {
                                "version_value": "CPR9-SR1"
                              },
                              {
                                "version_value": "CPR9-SR2"
                              },
                              {
                                "version_value": "CPR9-SR3"
                              },
                              {
                                "version_value": "CPR9-SR4"
                              },
                              {
                                "version_value": "CPR9-SR5"
                              },
                              {
                                "version_value": "CPR9-SR5.1"
                              },
                              {
                                "version_value": "CPR9-SR6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rockwell Automation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the \u201cRecord Data Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds read CWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2013-2805",
        "datePublished": "2019-03-26T17:04:00.000Z",
        "dateReserved": "2013-04-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:52:20.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2806 (GCVE-0-2013-2806)

    Vulnerability from cvelistv5 – Published: 2019-03-26 16:47 – Updated: 2024-08-06 15:52
    Summary
    Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size.” Then the service will calculate an incorrect value for the “End of Current Record” field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
    Severity
    No CVSS data available.
    CWE
    • CWE-190 - Integer overflow CWE-190
    Impacted products
    Vendor: Rockwell Automation
    Product: RSLinx Enterprise Software
    Affected versions: CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, CPR9-SR6
    Date Public
    2013-10-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:52:21.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSLinx Enterprise Software",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPR9"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR1"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR2"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR3"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR4"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR5"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR5.1"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR6"
                }
              ]
            }
          ],
          "datePublic": "2013-10-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cEnd of Current Record\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size.\u201d Then the service will calculate an incorrect value for the \u201cEnd of Current Record\u201d field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer overflow CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-26T16:47:23.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2013-2806",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSLinx Enterprise Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CPR9"
                              },
                              {
                                "version_value": "CPR9-SR1"
                              },
                              {
                                "version_value": "CPR9-SR2"
                              },
                              {
                                "version_value": "CPR9-SR3"
                              },
                              {
                                "version_value": "CPR9-SR4"
                              },
                              {
                                "version_value": "CPR9-SR5"
                              },
                              {
                                "version_value": "CPR9-SR5.1"
                              },
                              {
                                "version_value": "CPR9-SR6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rockwell Automation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cEnd of Current Record\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size.\u201d Then the service will calculate an incorrect value for the \u201cEnd of Current Record\u201d field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Integer overflow CWE-190"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2013-2806",
        "datePublished": "2019-03-26T16:47:24.000Z",
        "dateReserved": "2013-04-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:52:21.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2807 (GCVE-0-2013-2807)

    Vulnerability from cvelistv5 – Published: 2019-03-26 16:35 – Updated: 2024-08-06 15:52
    Summary
    Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
    Severity
    No CVSS data available.
    CWE
    • CWE-190 - Integer overflow CWE-190
    Impacted products
    Vendor: Rockwell Automation
    Product: RSLinx Enterprise Software
    Affected versions: CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, CPR9-SR6
    Date Public
    2013-10-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:52:20.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSLinx Enterprise Software",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPR9"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR1"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR2"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR3"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR4"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR5"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR5.1"
                },
                {
                  "status": "affected",
                  "version": "CPR9-SR6"
                }
              ]
            }
          ],
          "datePublic": "2013-10-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cTotal Record Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size\u201d that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer overflow CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-26T16:44:28.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2013-2807",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSLinx Enterprise Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CPR9"
                              },
                              {
                                "version_value": "CPR9-SR1"
                              },
                              {
                                "version_value": "CPR9-SR2"
                              },
                              {
                                "version_value": "CPR9-SR3"
                              },
                              {
                                "version_value": "CPR9-SR4"
                              },
                              {
                                "version_value": "CPR9-SR5"
                              },
                              {
                                "version_value": "CPR9-SR5.1"
                              },
                              {
                                "version_value": "CPR9-SR6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Rockwell Automation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cTotal Record Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size\u201d that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Integer overflow CWE-190"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2013-2807",
        "datePublished": "2019-03-26T16:35:16.000Z",
        "dateReserved": "2013-04-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:52:20.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }