Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for softlogix_5800_controller_firmware by rockwellautomation

    CVE-2016-9343 (GCVE-0-2016-9343)

    Vulnerability from nvd – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:50
    VLAI
    Summary
    An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.
    Severity
    No CVSS data available.
    CWE
    • Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 Affected: Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00
    Date Public
    2017-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:50:38.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
              },
              {
                "name": "95304",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95304"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00"
                }
              ]
            }
          ],
          "datePublic": "2017-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-02-14T10:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
            },
            {
              "name": "95304",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95304"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2016-9343",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
                },
                {
                  "name": "95304",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95304"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2016-9343",
        "datePublished": "2017-02-13T21:00:00.000Z",
        "dateReserved": "2016-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:50:38.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9343 (GCVE-0-2016-9343)

    Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:50
    VLAI
    Summary
    An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.
    Severity
    No CVSS data available.
    CWE
    • Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 Affected: Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00
    Date Public
    2017-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:50:38.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
              },
              {
                "name": "95304",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95304"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00"
                }
              ]
            }
          ],
          "datePublic": "2017-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-02-14T10:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
            },
            {
              "name": "95304",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95304"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2016-9343",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
                },
                {
                  "name": "95304",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95304"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2016-9343",
        "datePublished": "2017-02-13T21:00:00.000Z",
        "dateReserved": "2016-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:50:38.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }