CVE-2013-2807
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
26/03/2019
Last modified:
10/02/2020
Description
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.10.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.10.01:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.20.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.21.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.30.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.40.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.50.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.51.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.60.00:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page