ID

VAR-201109-0182


CVE

CVE-2011-3489


TITLE

RSLogix Remote Denial of Service Vulnerability

Trust: 1.1

sources: IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3647 // BID: 49608

DESCRIPTION

RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field. RSLinx Classic connects RSLogix and RSNetWorx products to Rockwell Automation networks and devices, and is also an OPC server. RsvcHost.exe and RNADiagReceiver.exe listen on port 4446 and other ports. Rockwell RSLogix is programming software for industrial automation. An attacker could exploit this vulnerability to execute arbitrary code. RSLogix is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the application, denying service to legitimate users. RSLogix 5000 is vulnerable. Other versions may also be affected. A buffer overflow vulnerability exists in RnaUtility.dll in RsvcHost.exe version 2.30.0.23 of Rockwell RSLogix 19 and earlier.

Trust: 4.14

sources: NVD: CVE-2011-3489 // JVNDB: JVNDB-2011-002252 // CNVD: CNVD-2011-3724 // CNVD: CNVD-2011-3647 // CNVD: CNVD-2011-3683 // BID: 49608 // IVD: a50faadc-2354-11e6-abef-000c29c66e3d // IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d // IVD: d48e7d58-1f88-11e6-abef-000c29c66e3d // VULHUB: VHN-51434

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 2.4

sources: IVD: a50faadc-2354-11e6-abef-000c29c66e3d // IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d // IVD: d48e7d58-1f88-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3724 // CNVD: CNVD-2011-3647 // CNVD: CNVD-2011-3683

AFFECTED PRODUCTS

vendor: rockwellautomation, model: rslogix, scope: lte, version: 19

Trust: 1.0

vendor: rockwell automation, model: rslogix, scope: lte, version: 19

Trust: 0.8

vendor: rockwell, model: automation rslogix/factorytalk, scope: lte, version: <=19

Trust: 0.6

vendor: rockwall, model: automation rslogix, scope: eq, version: 5000

Trust: 0.6

vendor: rockwell, model: automation rockwell rslogix, scope: lte, version: <=19

Trust: 0.6

vendor: rockwellautomation, model: rslogix, scope: eq, version: 19

Trust: 0.6

vendor: rslogix, model: -, scope: eq, version: *

Trust: 0.4

vendor: rockwall, model: automation rslogix, scope: eq, version: 500019

Trust: 0.3

vendor: rockwall, model: automation rslogix, scope: eq, version: 500018

Trust: 0.3

vendor: rockwall, model: automation rslogix, scope: eq, version: 500017

Trust: 0.3

vendor: rockwall, model: automation rslogix, scope: eq, version: 50000

Trust: 0.3

vendor: rockwall, model: automation factorytalk cpr9-sr4, scope: -, version: -

Trust: 0.3

vendor: rockwall, model: automation factorytalk cpr9-sr3, scope: -, version: -

Trust: 0.3

vendor: rockwall, model: automation factorytalk cpr9-sr2, scope: -, version: -

Trust: 0.3

vendor: rockwall, model: automation factorytalk cpr9-sr1, scope: -, version: -

Trust: 0.3

vendor: rockwall, model: automation factorytalk cpr9, scope: -, version: -

Trust: 0.3

vendor: rockwall, model: automation factorytalk, scope: eq, version: 0

Trust: 0.3

vendor: rockwell, model: automation, scope: eq, version: *

Trust: 0.2

vendor: rockwell, model: rslogix, scope: lte, version: <=19

Trust: 0.2

sources: IVD: a50faadc-2354-11e6-abef-000c29c66e3d // IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d // IVD: d48e7d58-1f88-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3724 // CNVD: CNVD-2011-3647 // CNVD: CNVD-2011-3683 // BID: 49608 // JVNDB: JVNDB-2011-002252 // CNNVD: CNNVD-201109-262 // NVD: CVE-2011-3489

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3489
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-3489
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201109-262
value: MEDIUM

Trust: 0.6

IVD: a50faadc-2354-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: d48e7d58-1f88-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-51434
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-3489
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: a50faadc-2354-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: d48e7d58-1f88-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.3 [IVD]

Trust: 0.2

VULHUB: VHN-51434
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: a50faadc-2354-11e6-abef-000c29c66e3d // IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d // IVD: d48e7d58-1f88-11e6-abef-000c29c66e3d // VULHUB: VHN-51434 // JVNDB: JVNDB-2011-002252 // CNNVD: CNNVD-201109-262 // NVD: CVE-2011-3489

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-51434 // JVNDB: JVNDB-2011-002252 // NVD: CVE-2011-3489

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201109-262 // CNNVD: CNNVD-201109-186

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: a50faadc-2354-11e6-abef-000c29c66e3d // IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201109-262

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002252

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-51434

PATCH

title: Top Page, url: http://www.rockwellautomation.com/

Trust: 0.8

title: Design & Configuration, url: http://www.rockwellautomation.com/rockwellsoftware/design/

Trust: 0.8

sources: JVNDB: JVNDB-2011-002252

EXTERNAL IDS

db: NVD, id: CVE-2011-3489

Trust: 3.8

db: BID, id: 49608

Trust: 2.6

db: CNNVD, id: CNNVD-201109-262

Trust: 1.1

db: SREASON, id: 8383

Trust: 1.1

db: CNVD, id: CNVD-2011-3724

Trust: 0.8

db: CNVD, id: CNVD-2011-3647

Trust: 0.8

db: CNVD, id: CNVD-2011-3683

Trust: 0.8

db: JVNDB, id: JVNDB-2011-002252

Trust: 0.8

db: EXPLOIT-DB, id: 17843

Trust: 0.7

db: CNNVD, id: CNNVD-201109-186

Trust: 0.6

db: ICS CERT ALERT, id: ICS-ALERT-11-256-05A

Trust: 0.3

db: ICS CERT, id: ICSA-11-273-03

Trust: 0.3

db: IVD, id: A50FAADC-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: E84A6D20-1F88-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: D48E7D58-1F88-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-51434

Trust: 0.1

sources: IVD: a50faadc-2354-11e6-abef-000c29c66e3d // IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d // IVD: d48e7d58-1f88-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3724 // CNVD: CNVD-2011-3647 // CNVD: CNVD-2011-3683 // VULHUB: VHN-51434 // BID: 49608 // JVNDB: JVNDB-2011-002252 // CNNVD: CNNVD-201109-262 // CNNVD: CNNVD-201109-186 // NVD: CVE-2011-3489

REFERENCES

url:http://aluigi.altervista.org/adv/rslogix_1-adv.txt

Trust: 3.2

url:http://www.securityfocus.com/bid/49608

Trust: 1.7

url:http://securityreason.com/securityalert/8383

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/69808

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3489

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3489

Trust: 0.8

url:http://www.exploit-db.com/exploits/17843/

Trust: 0.6

url:http://rockwellautomation.custhelp.com/app/answers/detail/a_id/456144

Trust: 0.3

url:http://www.rockwellautomation.com/rockwellsoftware/design/rslogix5000/

Trust: 0.3

url:http://aluigi.org/poc/rslogix_1.zip

Trust: 0.3

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-05a.pdf

Trust: 0.3

url:http://www.us-cert.gov/control_systems/pdf/icsa-11-273-03.pdf

Trust: 0.3

sources: CNVD: CNVD-2011-3724 // CNVD: CNVD-2011-3647 // CNVD: CNVD-2011-3683 // VULHUB: VHN-51434 // BID: 49608 // JVNDB: JVNDB-2011-002252 // CNNVD: CNNVD-201109-262 // CNNVD: CNNVD-201109-186 // NVD: CVE-2011-3489

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 49608 // CNNVD: CNNVD-201109-186

SOURCES

db: IVD, id: a50faadc-2354-11e6-abef-000c29c66e3d
db: IVD, id: e84a6d20-1f88-11e6-abef-000c29c66e3d
db: IVD, id: d48e7d58-1f88-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-3724
db: CNVD, id: CNVD-2011-3647
db: CNVD, id: CNVD-2011-3683
db: VULHUB, id: VHN-51434
db: BID, id: 49608
db: JVNDB, id: JVNDB-2011-002252
db: CNNVD, id: CNNVD-201109-262
db: CNNVD, id: CNNVD-201109-186
db: NVD, id: CVE-2011-3489

LAST UPDATE DATE

2024-08-14T14:21:36.075000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-3724, date: 2011-09-20T00:00:00
db: CNVD, id: CNVD-2011-3647, date: 2011-09-14T00:00:00
db: CNVD, id: CNVD-2011-3683, date: 2011-09-15T00:00:00
db: VULHUB, id: VHN-51434, date: 2017-08-29T00:00:00
db: BID, id: 49608, date: 2011-09-30T22:50:00
db: JVNDB, id: JVNDB-2011-002252, date: 2011-09-28T00:00:00
db: CNNVD, id: CNNVD-201109-262, date: 2011-09-19T00:00:00
db: CNNVD, id: CNNVD-201109-186, date: 2011-09-15T00:00:00
db: NVD, id: CVE-2011-3489, date: 2017-08-29T01:30:12.740

SOURCES RELEASE DATE

db: IVD, id: a50faadc-2354-11e6-abef-000c29c66e3d, date: 2011-09-20T00:00:00
db: IVD, id: e84a6d20-1f88-11e6-abef-000c29c66e3d, date: 2011-09-14T00:00:00
db: IVD, id: d48e7d58-1f88-11e6-abef-000c29c66e3d, date: 2011-09-15T00:00:00
db: CNVD, id: CNVD-2011-3724, date: 2011-09-20T00:00:00
db: CNVD, id: CNVD-2011-3647, date: 2011-09-14T00:00:00
db: CNVD, id: CNVD-2011-3683, date: 2011-09-15T00:00:00
db: VULHUB, id: VHN-51434, date: 2011-09-16T00:00:00
db: BID, id: 49608, date: 2011-09-13T00:00:00
db: JVNDB, id: JVNDB-2011-002252, date: 2011-09-28T00:00:00
db: CNNVD, id: CNNVD-201109-262, date: 2011-09-19T00:00:00
db: CNNVD, id: CNNVD-201109-186, date: 1900-01-01T00:00:00
db: NVD, id: CVE-2011-3489, date: 2011-09-16T14:28:12.060