Sign-up

ID

VAR-201109-0182


CVE

CVE-2011-3489


TITLE

RSLogix Remote Denial of Service Vulnerability

Trust: 1.1

sources: IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3647 // BID: 49608

DESCRIPTION

RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field. RSLinx Classic connects RSLogix and RSNetWorx products to Rockwell Automation networks and devices, and is also an OPC server. RsvcHost.exe and RNADiagReceiver.exe listen to 4446 and other ports. Rockwell RSLogix is a programming software for industrial automation. An attacker could exploit this vulnerability to execute arbitrary code for an attack. RSLogix is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the application, denying service to legitimate users. RSLogix 5000 is vulnerable. Other versions may also be affected. A buffer overflow vulnerability exists in RnaUtility.dll in RsvcHost.exe version 2.30.0.23 of Rockwell RSLogix 19 and earlier

Trust: 4.14

sources: NVD: CVE-2011-3489 // JVNDB: JVNDB-2011-002252 // CNVD: CNVD-2011-3724 // CNVD: CNVD-2011-3647 // CNVD: CNVD-2011-3683 // BID: 49608 // IVD: a50faadc-2354-11e6-abef-000c29c66e3d // IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d // IVD: d48e7d58-1f88-11e6-abef-000c29c66e3d // VULHUB: VHN-51434

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 2.4

sources: IVD: a50faadc-2354-11e6-abef-000c29c66e3d // IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d // IVD: d48e7d58-1f88-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3724 // CNVD: CNVD-2011-3647 // CNVD: CNVD-2011-3683

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:rslogixscope:lteversion:19

Trust: 1.0

vendor:rockwell automationmodel:rslogixscope:lteversion:19

Trust: 0.8

vendor:rockwellmodel:automation rslogix/factorytalkscope:lteversion:<=19

Trust: 0.6

vendor:rockwallmodel:automation rslogixscope:eqversion:5000

Trust: 0.6

vendor:rockwellmodel:automation rockwell rslogixscope:lteversion:<=19

Trust: 0.6

vendor:rockwellautomationmodel:rslogixscope:eqversion:19

Trust: 0.6

vendor:rslogixmodel: - scope:eqversion:*

Trust: 0.4

vendor:rockwallmodel:automation rslogixscope:eqversion:500019

Trust: 0.3

vendor:rockwallmodel:automation rslogixscope:eqversion:500018

Trust: 0.3

vendor:rockwallmodel:automation rslogixscope:eqversion:500017

Trust: 0.3

vendor:rockwallmodel:automation rslogixscope:eqversion:50000

Trust: 0.3

vendor:rockwallmodel:automation factorytalk cpr9-sr4scope: - version: -

Trust: 0.3

vendor:rockwallmodel:automation factorytalk cpr9-sr3scope: - version: -

Trust: 0.3

vendor:rockwallmodel:automation factorytalk cpr9-sr2scope: - version: -

Trust: 0.3

vendor:rockwallmodel:automation factorytalk cpr9-sr1scope: - version: -

Trust: 0.3

vendor:rockwallmodel:automation factorytalk cpr9scope: - version: -

Trust: 0.3

vendor:rockwallmodel:automation factorytalkscope:eqversion:0

Trust: 0.3

vendor:rockwellmodel:automationscope:eqversion:*

Trust: 0.2

vendor:rockwellmodel:rslogixscope:lteversion:<=19

Trust: 0.2

sources: IVD: a50faadc-2354-11e6-abef-000c29c66e3d // IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d // IVD: d48e7d58-1f88-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3724 // CNVD: CNVD-2011-3647 // CNVD: CNVD-2011-3683 // BID: 49608 // JVNDB: JVNDB-2011-002252 // CNNVD: CNNVD-201109-262 // NVD: CVE-2011-3489

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3489
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-3489
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201109-262
value: MEDIUM

Trust: 0.6

IVD: a50faadc-2354-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: d48e7d58-1f88-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-51434
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-3489
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: a50faadc-2354-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: d48e7d58-1f88-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.3 [IVD]

Trust: 0.2

VULHUB: VHN-51434
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: a50faadc-2354-11e6-abef-000c29c66e3d // IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d // IVD: d48e7d58-1f88-11e6-abef-000c29c66e3d // VULHUB: VHN-51434 // JVNDB: JVNDB-2011-002252 // CNNVD: CNNVD-201109-262 // NVD: CVE-2011-3489

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-51434 // JVNDB: JVNDB-2011-002252 // NVD: CVE-2011-3489

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201109-262 // CNNVD: CNNVD-201109-186

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: a50faadc-2354-11e6-abef-000c29c66e3d // IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201109-262

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-002252

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-51434

PATCH
title:Top Pageurl:http://www.rockwellautomation.com/
Trust: 0.8
title:Design & Configurationurl:http://www.rockwellautomation.com/rockwellsoftware/design/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2011-002252

EXTERNAL IDS
db:NVDid:CVE-2011-3489
Trust: 3.8
db:BIDid:49608
Trust: 2.6
db:CNNVDid:CNNVD-201109-262
Trust: 1.1
db:SREASONid:8383
Trust: 1.1
db:CNVDid:CNVD-2011-3724
Trust: 0.8
db:CNVDid:CNVD-2011-3647
Trust: 0.8
db:CNVDid:CNVD-2011-3683
Trust: 0.8
db:JVNDBid:JVNDB-2011-002252
Trust: 0.8
db:EXPLOIT-DBid:17843
Trust: 0.7
db:CNNVDid:CNNVD-201109-186
Trust: 0.6
db:ICS CERT ALERTid:ICS-ALERT-11-256-05A
Trust: 0.3
db:ICS CERTid:ICSA-11-273-03
Trust: 0.3
db:IVDid:A50FAADC-2354-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:IVDid:E84A6D20-1F88-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:IVDid:D48E7D58-1F88-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-51434
Trust: 0.1
sources:
            
            
            IVD: a50faadc-2354-11e6-abef-000c29c66e3d // 
            
            
            
            IVD: e84a6d20-1f88-11e6-abef-000c29c66e3d // 
            
            
            
            IVD: d48e7d58-1f88-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2011-3724 // 
            
            
            
            CNVD: CNVD-2011-3647 // 
            
            
            
            CNVD: CNVD-2011-3683 // 
            
            
            
            VULHUB: VHN-51434 // 
            
            
            
            BID: 49608 // 
            
            
            
            JVNDB: JVNDB-2011-002252 // 
            
            
            
            CNNVD: CNNVD-201109-262 // 
            
            
            
            CNNVD: CNNVD-201109-186 // 
            
            
            
            NVD: CVE-2011-3489

REFERENCES
url:http://aluigi.altervista.org/adv/rslogix_1-adv.txt
Trust: 3.2
url:http://www.securityfocus.com/bid/49608
Trust: 1.7
url:http://securityreason.com/securityalert/8383
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/69808
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3489
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3489
Trust: 0.8
url:http://www.exploit-db.com/exploits/17843/
Trust: 0.6
url:http://rockwellautomation.custhelp.com/app/answers/detail/a_id/456144
Trust: 0.3
url:http://www.rockwellautomation.com/rockwellsoftware/design/rslogix5000/
Trust: 0.3
url:http://aluigi.org/poc/rslogix_1.zip
Trust: 0.3
url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-05a.pdf
Trust: 0.3
url:http://www.us-cert.gov/control_systems/pdf/icsa-11-273-03.pdf
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2011-3724 // 
            
            
            
            CNVD: CNVD-2011-3647 // 
            
            
            
            CNVD: CNVD-2011-3683 // 
            
            
            
            VULHUB: VHN-51434 // 
            
            
            
            BID: 49608 // 
            
            
            
            JVNDB: JVNDB-2011-002252 // 
            
            
            
            CNNVD: CNNVD-201109-262 // 
            
            
            
            CNNVD: CNNVD-201109-186 // 
            
            
            
            NVD: CVE-2011-3489

CREDITS
Luigi Auriemma
Trust: 0.9
sources:
            
            
            BID: 49608 // 
            
            
            
            CNNVD: CNNVD-201109-186

SOURCES
db:IVDid:a50faadc-2354-11e6-abef-000c29c66e3d
db:IVDid:e84a6d20-1f88-11e6-abef-000c29c66e3d
db:IVDid:d48e7d58-1f88-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-3724
db:CNVDid:CNVD-2011-3647
db:CNVDid:CNVD-2011-3683
db:VULHUBid:VHN-51434
db:BIDid:49608
db:JVNDBid:JVNDB-2011-002252
db:CNNVDid:CNNVD-201109-262
db:CNNVDid:CNNVD-201109-186
db:NVDid:CVE-2011-3489

LAST UPDATE DATE
2024-08-14T14:21:36.075000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2011-3724date:2011-09-20T00:00:00
db:CNVDid:CNVD-2011-3647date:2011-09-14T00:00:00
db:CNVDid:CNVD-2011-3683date:2011-09-15T00:00:00
db:VULHUBid:VHN-51434date:2017-08-29T00:00:00
db:BIDid:49608date:2011-09-30T22:50:00
db:JVNDBid:JVNDB-2011-002252date:2011-09-28T00:00:00
db:CNNVDid:CNNVD-201109-262date:2011-09-19T00:00:00
db:CNNVDid:CNNVD-201109-186date:2011-09-15T00:00:00
db:NVDid:CVE-2011-3489date:2017-08-29T01:30:12.740

SOURCES RELEASE DATE
db:IVDid:a50faadc-2354-11e6-abef-000c29c66e3ddate:2011-09-20T00:00:00
db:IVDid:e84a6d20-1f88-11e6-abef-000c29c66e3ddate:2011-09-14T00:00:00
db:IVDid:d48e7d58-1f88-11e6-abef-000c29c66e3ddate:2011-09-15T00:00:00
db:CNVDid:CNVD-2011-3724date:2011-09-20T00:00:00
db:CNVDid:CNVD-2011-3647date:2011-09-14T00:00:00
db:CNVDid:CNVD-2011-3683date:2011-09-15T00:00:00
db:VULHUBid:VHN-51434date:2011-09-16T00:00:00
db:BIDid:49608date:2011-09-13T00:00:00
db:JVNDBid:JVNDB-2011-002252date:2011-09-28T00:00:00
db:CNNVDid:CNNVD-201109-262date:2011-09-19T00:00:00
db:CNNVDid:CNNVD-201109-186date:1900-01-01T00:00:00
db:NVDid:CVE-2011-3489date:2011-09-16T14:28:12.060