Rockwell Automation ControlLogix ICSA-19-120-01 Multiple Buffer Overflow Vulnerabilities



Rockwell Automation ControlLogix is prone to multiple buffer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition.

Information

Bugtraq ID: 108118
Class: Design Error
CVE: CVE-2019-10952
CVE-2019-10954

Remote: Yes
Local: No
Published: Apr 30 2019 12:00AM
Updated: Apr 30 2019 12:00AM
Credit: Younes Dragoni of Nozomi Networks, George Lashenko of CyberX
Vulnerable: Rockwell Automation CompactLogix 5370 L3 30.014
Rockwell Automation CompactLogix 5370 L3 30.012
Rockwell Automation CompactLogix 5370 L3 30.011
Rockwell Automation CompactLogix 5370 L3 29.011
Rockwell Automation CompactLogix 5370 L3 28.012
Rockwell Automation CompactLogix 5370 L3 28.011
Rockwell Automation CompactLogix 5370 L3 27.011
Rockwell Automation CompactLogix 5370 L3 26.013
Rockwell Automation CompactLogix 5370 L3 26.012
Rockwell Automation CompactLogix 5370 L3 24.013
Rockwell Automation CompactLogix 5370 L3 24.011
Rockwell Automation CompactLogix 5370 L3 23.012
Rockwell Automation CompactLogix 5370 L3 23.011
Rockwell Automation CompactLogix 5370 L3 21.011
Rockwell Automation CompactLogix 5370 L3 20.019
Rockwell Automation CompactLogix 5370 L3 20.018
Rockwell Automation CompactLogix 5370 L3 20.014
Rockwell Automation CompactLogix 5370 L3 20.013
Rockwell Automation CompactLogix 5370 L3 20.012
Rockwell Automation CompactLogix 5370 L3 20.011
Rockwell Automation CompactLogix 5370 L2 30.014
Rockwell Automation CompactLogix 5370 L2 30.012
Rockwell Automation CompactLogix 5370 L2 30.011
Rockwell Automation CompactLogix 5370 L2 29.011
Rockwell Automation CompactLogix 5370 L2 28.012
Rockwell Automation CompactLogix 5370 L2 28.011
Rockwell Automation CompactLogix 5370 L2 27.011
Rockwell Automation CompactLogix 5370 L2 26.013
Rockwell Automation CompactLogix 5370 L2 26.012
Rockwell Automation CompactLogix 5370 L2 24.013
Rockwell Automation CompactLogix 5370 L2 24.011
Rockwell Automation CompactLogix 5370 L2 23.012
Rockwell Automation CompactLogix 5370 L2 23.011
Rockwell Automation CompactLogix 5370 L2 21.011
Rockwell Automation CompactLogix 5370 L2 20.019
Rockwell Automation CompactLogix 5370 L2 20.018
Rockwell Automation CompactLogix 5370 L2 20.014
Rockwell Automation CompactLogix 5370 L2 20.013
Rockwell Automation CompactLogix 5370 L2 20.012
Rockwell Automation CompactLogix 5370 L1 30.014
Rockwell Automation CompactLogix 5370 L1 30.012
Rockwell Automation CompactLogix 5370 L1 30.011
Rockwell Automation CompactLogix 5370 L1 29.011
Rockwell Automation CompactLogix 5370 L1 28.012
Rockwell Automation CompactLogix 5370 L1 28.011
Rockwell Automation CompactLogix 5370 L1 27.011
Rockwell Automation CompactLogix 5370 L1 26.013
Rockwell Automation CompactLogix 5370 L1 26.012
Rockwell Automation CompactLogix 5370 L1 24.013
Rockwell Automation CompactLogix 5370 L1 24.011
Rockwell Automation CompactLogix 5370 L1 23.012
Rockwell Automation CompactLogix 5370 L1 23.011
Rockwell Automation CompactLogix 5370 L1 21.011
Rockwell Automation CompactLogix 5370 L1 20.019
Rockwell Automation CompactLogix 5370 L1 20.018
Rockwell Automation CompactLogix 5370 L1 20.014
Rockwell Automation CompactLogix 5370 L1 20.013
Rockwell Automation CompactLogix 5370 L1 20.012
Rockwell Automation CompactLogix 5370 L1 20.011
Rockwell Automation Compact GuardLogix 5370 30.014
Rockwell Automation Compact GuardLogix 5370 30.012
Rockwell Automation Armor Compact GuardLogix 5370 30.012


Not Vulnerable: Rockwell Automation CompactLogix 5370 L3 31.011
Rockwell Automation CompactLogix 5370 L2 31.011
Rockwell Automation CompactLogix 5370 L1 31.011
Rockwell Automation Compact GuardLogix 5370 31.011
Rockwell Automation Armor Compact GuardLogix 5370 31.011


Exploit


An attacker can use readily available tools to exploit this issue.

