ID

VAR-201204-0173


CVE

CVE-2012-0221


TITLE

Rockwell Automation Allen-Bradley FactoryTalk Input validation vulnerability

Trust: 1.6

sources: IVD: 7d70a8cf-463f-11e9-b5ed-000c29342cb1 // IVD: fa04ef80-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8875 // CNNVD: CNNVD-201204-003

DESCRIPTION

The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet. Rockwell Automation is a provider of industrial automation, control and information technology solutions. Rockwell Automation FactoryTalk Activation Server RNADiagReceiver has errors in processing packets. Submitting a packet containing more than 2000 bytes to UDP port 4445 can result in no subsequent connections. An attacker can exploit these issues to crash the affected application, denying service to legitimate users

Trust: 4.32

sources: NVD: CVE-2012-0221 // JVNDB: JVNDB-2012-001982 // CNVD: CNVD-2012-0190 // CNVD: CNVD-2012-0189 // CNVD: CNVD-2012-8875 // BID: 51444 // IVD: 7d70a8cf-463f-11e9-b5ed-000c29342cb1 // IVD: fa04ef80-2353-11e6-abef-000c29c66e3d // IVD: ef44ea94-1f77-11e6-abef-000c29c66e3d // IVD: f0999908-1f77-11e6-abef-000c29c66e3d // VULHUB: VHN-53502

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 2.6

sources: IVD: 7d70a8cf-463f-11e9-b5ed-000c29342cb1 // IVD: fa04ef80-2353-11e6-abef-000c29c66e3d // IVD: ef44ea94-1f77-11e6-abef-000c29c66e3d // IVD: f0999908-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0190 // CNVD: CNVD-2012-0189 // CNVD: CNVD-2012-8875

AFFECTED PRODUCTS

vendor:rockwallmodel:automation factorytalk activation serverscope:eqversion:3.2

Trust: 1.7

vendor:rockwallmodel:automation rslogixscope:eqversion:500019

Trust: 1.7

vendor:rockwellautomationmodel:factorytalkscope:eqversion:cpr9

Trust: 1.6

vendor:rockwellautomationmodel:rslogix 5000scope:eqversion:18

Trust: 1.6

vendor:rockwellautomationmodel:rslogix 5000scope:eqversion:20

Trust: 1.6

vendor:rockwellautomationmodel:rslogix 5000scope:eqversion:17

Trust: 1.6

vendor:rockwellautomationmodel:factorytalkscope:eqversion:cpr9_sr5

Trust: 1.6

vendor:rockwellautomationmodel:rslogix 5000scope:eqversion:19

Trust: 1.6

vendor:rockwallmodel:automation rslogixscope:eqversion:500018

Trust: 1.5

vendor:rockwallmodel:automation rslogixscope:eqversion:500017

Trust: 1.5

vendor:rockwell automationmodel:factorytalkscope:eqversion:cpr9 to sr5

Trust: 0.8

vendor:rockwell automationmodel:rslogix 5000scope:eqversion:17 to 20

Trust: 0.8

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:factorytalkmodel:cpr9scope: - version: -

Trust: 0.4

vendor:factorytalkmodel:cpr9 sr5scope: - version: -

Trust: 0.4

vendor:rslogix 5000model: - scope:eqversion:17

Trust: 0.4

vendor:rslogix 5000model: - scope:eqversion:18

Trust: 0.4

vendor:rslogix 5000model: - scope:eqversion:19

Trust: 0.4

vendor:rslogix 5000model: - scope:eqversion:20

Trust: 0.4

vendor:rockwallmodel:automation rslogixscope:eqversion:500018*

Trust: 0.4

vendor:rockwallmodel:automation rslogixscope:eqversion:500017*

Trust: 0.4

vendor:rockwallmodel:automation factorytalk cpr9-sr5scope: - version: -

Trust: 0.3

vendor:rockwallmodel:automation factorytalk cpr9-sr4scope: - version: -

Trust: 0.3

vendor:rockwallmodel:automation factorytalk cpr9-sr3scope: - version: -

Trust: 0.3

vendor:rockwallmodel:automation factorytalk cpr9-sr2scope: - version: -

Trust: 0.3

vendor:rockwallmodel:automation factorytalk cpr9-sr1scope: - version: -

Trust: 0.3

vendor:rockwallmodel:automation factorytalk cpr9scope: - version: -

Trust: 0.3

vendor:rockwallmodel:automation factorytalkscope:eqversion:0

Trust: 0.3

vendor:rockwallmodel:automation rslogixscope:eqversion:500019*

Trust: 0.2

vendor:rockwallmodel:automation factorytalk activation serverscope:eqversion:3.2*

Trust: 0.2

sources: IVD: 7d70a8cf-463f-11e9-b5ed-000c29342cb1 // IVD: fa04ef80-2353-11e6-abef-000c29c66e3d // IVD: ef44ea94-1f77-11e6-abef-000c29c66e3d // IVD: f0999908-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0190 // CNVD: CNVD-2012-0189 // CNVD: CNVD-2012-8875 // BID: 51444 // JVNDB: JVNDB-2012-001982 // CNNVD: CNNVD-201204-003 // NVD: CVE-2012-0221

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-0221
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-0221
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2012-8875
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201204-003
value: MEDIUM

Trust: 0.6

IVD: 7d70a8cf-463f-11e9-b5ed-000c29342cb1
value: MEDIUM

Trust: 0.2

IVD: fa04ef80-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: ef44ea94-1f77-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: f0999908-1f77-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-53502
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-0221
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2012-8875
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d70a8cf-463f-11e9-b5ed-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: fa04ef80-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: ef44ea94-1f77-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: f0999908-1f77-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-53502
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 7d70a8cf-463f-11e9-b5ed-000c29342cb1 // IVD: fa04ef80-2353-11e6-abef-000c29c66e3d // IVD: ef44ea94-1f77-11e6-abef-000c29c66e3d // IVD: f0999908-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8875 // VULHUB: VHN-53502 // JVNDB: JVNDB-2012-001982 // CNNVD: CNNVD-201204-003 // NVD: CVE-2012-0221

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-53502 // JVNDB: JVNDB-2012-001982 // NVD: CVE-2012-0221

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201201-287 // CNNVD: CNNVD-201204-003

TYPE

Input validation

Trust: 1.4

sources: IVD: 7d70a8cf-463f-11e9-b5ed-000c29342cb1 // IVD: fa04ef80-2353-11e6-abef-000c29c66e3d // IVD: ef44ea94-1f77-11e6-abef-000c29c66e3d // IVD: f0999908-1f77-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201204-003

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001982

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-53502

PATCH

title:RSLogix 5000url:http://www.rockwellautomation.com/rockwellsoftware/design/rslogix5000/

Trust: 0.8

title:FactoryTalkurl:http://www.rockwellautomation.com/rockwellsoftware/factorytalk/

Trust: 0.8

title:Rockwell Automation Allen-Bradley FactoryTalk Input Validation Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/36065

Trust: 0.6

sources: CNVD: CNVD-2012-8875 // JVNDB: JVNDB-2012-001982

EXTERNAL IDS

db:NVDid:CVE-2012-0221

Trust: 4.2

db:ICS CERTid:ICSA-12-088-01

Trust: 3.4

db:BIDid:51444

Trust: 2.1

db:CNNVDid:CNNVD-201204-003

Trust: 1.5

db:ICS CERT ALERTid:ICS-ALERT-12-017-01

Trust: 1.1

db:CNVDid:CNVD-2012-8875

Trust: 1.0

db:CNVDid:CNVD-2012-0190

Trust: 0.8

db:CNVDid:CNVD-2012-0189

Trust: 0.8

db:JVNDBid:JVNDB-2012-001982

Trust: 0.8

db:CNNVDid:CNNVD-201201-287

Trust: 0.6

db:IVDid:7D70A8CF-463F-11E9-B5ED-000C29342CB1

Trust: 0.2

db:IVDid:FA04EF80-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:EF44EA94-1F77-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:F0999908-1F77-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:SEEBUGid:SSVID-72115

Trust: 0.1

db:EXPLOIT-DBid:36570

Trust: 0.1

db:VULHUBid:VHN-53502

Trust: 0.1

sources: IVD: 7d70a8cf-463f-11e9-b5ed-000c29342cb1 // IVD: fa04ef80-2353-11e6-abef-000c29c66e3d // IVD: ef44ea94-1f77-11e6-abef-000c29c66e3d // IVD: f0999908-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0190 // CNVD: CNVD-2012-0189 // CNVD: CNVD-2012-8875 // VULHUB: VHN-53502 // BID: 51444 // JVNDB: JVNDB-2012-001982 // CNNVD: CNNVD-201201-287 // CNNVD: CNNVD-201204-003 // NVD: CVE-2012-0221

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-088-01.pdf

Trust: 2.8

url:http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937

Trust: 1.7

url:http://aluigi.altervista.org/adv/rnadiagreceiver_1-adv.txt

Trust: 1.5

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-12-017-01.pdf

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0221

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0221

Trust: 0.8

url:http://ics-cert.us-cert.gov/advisories/icsa-12-088-01

Trust: 0.6

url:http://www.securityfocus.com/bid/51444

Trust: 0.6

url:http://www.rockwellautomation.com/

Trust: 0.3

sources: CNVD: CNVD-2012-0190 // CNVD: CNVD-2012-0189 // CNVD: CNVD-2012-8875 // VULHUB: VHN-53502 // BID: 51444 // JVNDB: JVNDB-2012-001982 // CNNVD: CNNVD-201201-287 // CNNVD: CNNVD-201204-003 // NVD: CVE-2012-0221

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 51444 // CNNVD: CNNVD-201201-287

SOURCES

db:IVDid:7d70a8cf-463f-11e9-b5ed-000c29342cb1
db:IVDid:fa04ef80-2353-11e6-abef-000c29c66e3d
db:IVDid:ef44ea94-1f77-11e6-abef-000c29c66e3d
db:IVDid:f0999908-1f77-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0190
db:CNVDid:CNVD-2012-0189
db:CNVDid:CNVD-2012-8875
db:VULHUBid:VHN-53502
db:BIDid:51444
db:JVNDBid:JVNDB-2012-001982
db:CNNVDid:CNNVD-201201-287
db:CNNVDid:CNNVD-201204-003
db:NVDid:CVE-2012-0221

LAST UPDATE DATE

2024-08-14T14:28:13.074000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0190date:2012-01-19T00:00:00
db:CNVDid:CNVD-2012-0189date:2012-01-19T00:00:00
db:CNVDid:CNVD-2012-8875date:2012-04-05T00:00:00
db:VULHUBid:VHN-53502date:2012-04-03T00:00:00
db:BIDid:51444date:2012-03-28T22:10:00
db:JVNDBid:JVNDB-2012-001982date:2012-04-04T00:00:00
db:CNNVDid:CNNVD-201201-287date:2012-01-30T00:00:00
db:CNNVDid:CNNVD-201204-003date:2012-04-05T00:00:00
db:NVDid:CVE-2012-0221date:2012-04-03T04:00:00

SOURCES RELEASE DATE

db:IVDid:7d70a8cf-463f-11e9-b5ed-000c29342cb1date:2012-04-05T00:00:00
db:IVDid:fa04ef80-2353-11e6-abef-000c29c66e3ddate:2012-04-05T00:00:00
db:IVDid:ef44ea94-1f77-11e6-abef-000c29c66e3ddate:2012-01-19T00:00:00
db:IVDid:f0999908-1f77-11e6-abef-000c29c66e3ddate:2012-01-19T00:00:00
db:CNVDid:CNVD-2012-0190date:2012-01-19T00:00:00
db:CNVDid:CNVD-2012-0189date:2012-01-19T00:00:00
db:CNVDid:CNVD-2012-8875date:2012-04-05T00:00:00
db:VULHUBid:VHN-53502date:2012-04-02T00:00:00
db:BIDid:51444date:2012-01-17T00:00:00
db:JVNDBid:JVNDB-2012-001982date:2012-04-04T00:00:00
db:CNNVDid:CNNVD-201201-287date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201204-003date:2012-04-05T00:00:00
db:NVDid:CVE-2012-0221date:2012-04-02T18:55:01.043