Vulnerabilities for Guardlogix controllers (...) - CXSECURITY.COM

Vulnerabilities for 'Guardlogix controllers'

2013-01-24

CVE-2012-6442

CWE-119

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a reset.

CVE-2012-6441

CWE-200

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to obtain sensitive information via a crafted CIP packet.

CVE-2012-6440

CWE-287

The web-server password-authentication functionality in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows man-in-the-middle attackers to conduct replay attacks via HTTP traffic.

CVE-2012-6439

CWE-Other

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters.

CVE-2012-6438

CWE-119

Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (NIC crash and communication outage) via a malformed CIP packet.

CVE-2012-6437

CWE-287

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image.

CVE-2012-6436

CWE-119

Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (CPU crash and communication outage) via a malformed CIP packet.

CVE-2012-6435

CWE-399

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a logic-execution stop and fault.

>>> Vendor: Rockwellautomation 144 Products

Controllogix 1756-enbt/a ethernet/ ip bridge

Ab micrologix controller 1100

Ab micrologix controller 1400

1756-enbt series a

1756-enbt series a firmware

Eds hardware installation tool

Factorytalk diagnostics viewer

Ab micrologix controller

Plc-5 controller

Slc 500 controller

Controllogix controllers

Guardlogix controllers

Softlogix controllers

1794-aentr flex i/o ethernet/ip adapter

Compactlogix controllers

Compactlogix l32e controller

Compactlogix l35e controller

Flexlogix 1788-enbt adapter

Rslinx enterprise

Factorytalk services platform

Rslogix 5000 design and configuration software

Connected components workbench

Factorytalk view studio

Micrologix 1100 firmware

Micrologix 1400 firmware

1763-l16awa series a

1763-l16awa series b

1763-l16bbb series a

1763-l16bbb series b

1763-l16bwa series a

1763-l16bwa series b

1763-l16dwd series a

1763-l16dwd series b

Compactlogix controller 1769 firmware

Integrated architecture builder

Factorytalk energrymetrix

Rslogix 500 professional edition

Rslogix 500 standard edition

Rslogix 500 starter edition

Rslogix micro developer

Rslogix micro starter lite

1766-l32awa series b

1766-l32bxb series b

1766-l32awa series a

1766-l32bxb series a

1766-l32awaa series a

1766-l32bxba series b

1766-l32awaa series b

1766-l32bwaa series a

1766-l32bwa series b

1766-l32bwa series a

1766-l32bwaa series b

1766-l32bxba series a

Controllogix 5580 firmware

Compactlogix 5830 firmware

Panelview plus 6 700-1500 firmware

1763-l16dwd firmware

1763-l16bbb firmware

1763-l16bwa firmware

1763-l16awa firmware

Factorytalk alarms and events

1766-l32awa firmware

1766-l32awaa firmware

1766-l32bwa firmware

1766-l32bwaa firmware

1766-l32bxb firmware

1766-l32bxba firmware

Micrologix 1400 b firmware

Factorytalk activation

Allen-bradley l30erms firmware

1756-en2f series a firmware

1756-en2f series b firmware

1756-en2f series c firmware

1756-en2t series a firmware

1756-en2t series b firmware

1756-en2t series c firmware

1756-en2t series d firmware

See all Products for Vendor Rockwellautomation

Copyright 2024, cxsecurity.com