Vulnerability CVE-2016-5814


Published: 2016-09-18   Modified: 2016-09-19

Description:
Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
Rockwellautomation -> Rslogix 500 professional edition 
Rockwellautomation -> Rslogix 500 standard edition 
Rockwellautomation -> Rslogix 500 starter edition 
Rockwellautomation -> Rslogix micro developer 
Rockwellautomation -> Rslogix micro starter lite 

 References:
https://ics-cert.us-cert.gov/advisories/ICSA-16-224-02

Copyright 2020, cxsecurity.com

 
