CVE-2012-6442

EPSS 18.39%
Published 24.01.2013 21:55:01
Last modified 30.06.2025 22:15:29
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. This situation could cause loss of availability and a disruption of communication with other connected devices.



Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Affected products Warnungen 0 Metrics 3 CWE 2 References 10

Data is provided by the National Vulnerability Database (NVD)

Rockwellautomation ≫ Compactlogix Firmware Version-

Rockwellautomation ≫ L32e Version-
Rockwellautomation ≫ L35e Version-

Rockwellautomation ≫ Flexlogix Firmware Version-

Rockwellautomation ≫ 1788-enbt Version-

Rockwellautomation ≫ Micrologix Firmware Version-

Rockwellautomation ≫ 1100 Version-
Rockwellautomation ≫ 1400 Version-

Rockwellautomation ≫ Compactlogix Controllers Firmware Version19

Rockwellautomation ≫ Compactlogix Firmware Version18

Rockwellautomation ≫ Controllogix Controllers Firmware Version20

Rockwellautomation ≫ Controllogix Firmware Version18

Rockwellautomation ≫ Guardlogix Controllers Firmware Version20

Rockwellautomation ≫ Guardlogix Firmware Version18

Rockwellautomation ≫ Softlogix Controllers Firmware Version19

Rockwellautomation ≫ Softlogix Firmware Version18

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	18.39%	0.949

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C
ics-cert@hq.dhs.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf

Third Party Advisory

US Government Resource

Broken Link

https://tools.cisco.com/security/center/viewAlert.x?alertId=27862

Third Party Advisory

http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154

https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155

https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156