Details of VAR-201301-0154

ID

VAR-201301-0154

CVE

CVE-2012-6437

TITLE

Rockwell Automation ControlLogix Firmware upload vulnerability

Trust: 0.8

sources: IVD: 20403e12-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00289

DESCRIPTION

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image. Rockwell Automation MicroLogix is a programmable controller platform. The device incorrectly authenticates the user, allows the remote user to upload a new firmware image onto the Ethernet card, and does not check whether the firmware image is legitimate or corrupt, allowing an attacker to exploit the vulnerability to gain control of the device or crash the device. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications

Trust: 2.7

sources: NVD: CVE-2012-6437 // JVNDB: JVNDB-2013-001265 // CNVD: CNVD-2013-00289 // BID: 57317 // IVD: 20403e12-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-59718

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 20403e12-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00289

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	1756-enbt	scope:	eq	version:	-	Trust: 1.6
vendor:	rockwellautomation	model:	flexlogix 1788-enbt adapter	scope:	eq	version:	-	Trust: 1.6
vendor:	rockwellautomation	model:	1768-eweb	scope:	eq	version:	-	Trust: 1.6
vendor:	rockwellautomation	model:	compactlogix l35e controller	scope:	eq	version:	-	Trust: 1.6
vendor:	rockwellautomation	model:	compactlogix l32e controller	scope:	eq	version:	-	Trust: 1.6
vendor:	rockwellautomation	model:	1794-aentr flex i\/o ethernet\/ip adapter	scope:	eq	version:	-	Trust: 1.6
vendor:	rockwellautomation	model:	1756-eweb	scope:	eq	version:	-	Trust: 1.0
vendor:	rockwellautomation	model:	controllogix	scope:	lte	version:	18	Trust: 1.0
vendor:	rockwellautomation	model:	compactlogix controllers	scope:	lte	version:	19	Trust: 1.0
vendor:	rockwellautomation	model:	guardlogix controllers	scope:	lte	version:	20	Trust: 1.0
vendor:	rockwellautomation	model:	controllogix controllers	scope:	lte	version:	20	Trust: 1.0
vendor:	rockwellautomation	model:	compactlogix	scope:	lte	version:	18	Trust: 1.0
vendor:	rockwellautomation	model:	guardlogix	scope:	lte	version:	18	Trust: 1.0
vendor:	rockwellautomation	model:	micrologix	scope:	lte	version:	1400	Trust: 1.0
vendor:	rockwellautomation	model:	softlogix	scope:	lte	version:	18	Trust: 1.0
vendor:	rockwellautomation	model:	softlogix controllers	scope:	lte	version:	19	Trust: 1.0
vendor:	rockwellautomation	model:	1768-enbt	scope:	eq	version:	-	Trust: 1.0
vendor:	rockwellautomation	model:	micrologix	scope:	lte	version:	1100	Trust: 1.0
vendor:	rockwell automation	model:	1756-enbt	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	1756-eweb	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	1768-enbt	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	1768-eweb	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	compactlogix l32e controller	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	compactlogix l35e controller	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	compactlogix controller	scope:	lte	version:	18	Trust: 0.8
vendor:	rockwell automation	model:	compactlogix controller	scope:	lte	version:	19	Trust: 0.8
vendor:	rockwell automation	model:	controllogix controller	scope:	lte	version:	18	Trust: 0.8
vendor:	rockwell automation	model:	controllogix controller	scope:	lte	version:	20	Trust: 0.8
vendor:	rockwell automation	model:	flex i/o ethernet/ip adapter 1794-aentr	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	flexlogix 1788-enbt	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	guardlogix controller	scope:	lte	version:	18	Trust: 0.8
vendor:	rockwell automation	model:	guardlogix controller	scope:	lte	version:	20	Trust: 0.8
vendor:	rockwell automation	model:	micrologix	scope:	eq	version:	1100	Trust: 0.8
vendor:	rockwell automation	model:	micrologix	scope:	eq	version:	1400	Trust: 0.8
vendor:	rockwell automation	model:	softlogix controller	scope:	lte	version:	18	Trust: 0.8
vendor:	rockwell automation	model:	softlogix controller	scope:	lte	version:	19	Trust: 0.8
vendor:	rockwell	model:	automation controllogix	scope:	-	version:	-	Trust: 0.6
vendor:	rockwell	model:	automation micrologix	scope:	eq	version:	1100	Trust: 0.6
vendor:	rockwell	model:	automation micrologix	scope:	eq	version:	1400	Trust: 0.6
vendor:	rockwellautomation	model:	compactlogix	scope:	eq	version:	18	Trust: 0.6
vendor:	rockwellautomation	model:	controllogix	scope:	eq	version:	18	Trust: 0.6
vendor:	rockwellautomation	model:	softlogix	scope:	eq	version:	18	Trust: 0.6
vendor:	rockwellautomation	model:	guardlogix	scope:	eq	version:	18	Trust: 0.6
vendor:	micrologix	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	rockwell	model:	automation softlogix	scope:	eq	version:	19	Trust: 0.3
vendor:	rockwell	model:	automation softlogix	scope:	eq	version:	18	Trust: 0.3
vendor:	rockwell	model:	automation micrologix	scope:	eq	version:	14000	Trust: 0.3
vendor:	rockwell	model:	automation micrologix	scope:	eq	version:	11000	Trust: 0.3
vendor:	rockwell	model:	automation guardlogix	scope:	eq	version:	20	Trust: 0.3
vendor:	rockwell	model:	automation guardlogix	scope:	eq	version:	18	Trust: 0.3
vendor:	rockwell	model:	automation compactlogix l35e	scope:	-	version:	-	Trust: 0.3
vendor:	rockwell	model:	automation compactlogix l32e	scope:	-	version:	-	Trust: 0.3
vendor:	rockwell	model:	automation compactlogix	scope:	eq	version:	19	Trust: 0.3
vendor:	rockwell	model:	automation compactlogix	scope:	eq	version:	18	Trust: 0.3
vendor:	rockwell	model:	automation 1794-aentr	scope:	eq	version:	0	Trust: 0.3
vendor:	rockwell	model:	automation 1788-enbt	scope:	eq	version:	0	Trust: 0.3
vendor:	rockwell	model:	automation 1768-eweb	scope:	eq	version:	0	Trust: 0.3
vendor:	rockwell	model:	automation 1768-enbt	scope:	eq	version:	0	Trust: 0.3
vendor:	rockwell	model:	automation 1756-enbt	scope:	eq	version:	0	Trust: 0.3
vendor:	rockwell	model:	automation 1756-en2t series b	scope:	eq	version:	0	Trust: 0.3
vendor:	controllogix controllers	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	guardlogix controllers	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	softlogix controllers	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1756 enbt	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	1756 eweb	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	1768 enbt	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	1768 eweb	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	1794 aentr flex i o ethernet ip adapter	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	compactlogix	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	compactlogix controllers	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	compactlogix l32e controller	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	compactlogix l35e controller	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	controllogix	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	flexlogix 1788 enbt adapter	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	guardlogix	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	softlogix	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 20403e12-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00289 // BID: 57317 // JVNDB: JVNDB-2013-001265 // CNNVD: CNNVD-201301-460 // NVD: CVE-2012-6437

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-6437
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-6437
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201301-460
value:	CRITICAL
Trust: 0.6
IVD:	20403e12-2353-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-59718
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-6437
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	20403e12-2353-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-59718
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 20403e12-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-59718 // JVNDB: JVNDB-2013-001265 // CNNVD: CNNVD-201301-460 // NVD: CVE-2012-6437

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-59718 // JVNDB: JVNDB-2013-001265 // NVD: CVE-2012-6437

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-460

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201301-460

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001265

PATCH

title:	Top Page	url:	http://www.rockwellautomation.com/	Trust: 0.8
title:	Partner	url:	http://jp.rockwellautomation.com/applications/gs/ap/gsjp.nsf/pages/partner	Trust: 0.8
title:	Top Page	url:	http://jp.rockwellautomation.com/	Trust: 0.8
title:	Rockwell Automation ControlLogix Firmware Upload Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/29212	Trust: 0.6
title:	1768-ENBT_4.004.006	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45390	Trust: 0.6
title:	1756-EWEB_4.016	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45389	Trust: 0.6
title:	1756-ENBT_6.006	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45388	Trust: 0.6

sources: CNVD: CNVD-2013-00289 // JVNDB: JVNDB-2013-001265 // CNNVD: CNNVD-201301-460

EXTERNAL IDS

db:	NVD	id:	CVE-2012-6437	Trust: 3.6
db:	ICS CERT	id:	ICSA-13-011-03	Trust: 3.4
db:	BID	id:	57317	Trust: 1.0
db:	CNNVD	id:	CNNVD-201301-460	Trust: 0.9
db:	CNVD	id:	CNVD-2013-00289	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-001265	Trust: 0.8
db:	IVD	id:	20403E12-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	SEEBUG	id:	SSVID-89568	Trust: 0.1
db:	VULHUB	id:	VHN-59718	Trust: 0.1

sources: IVD: 20403e12-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00289 // VULHUB: VHN-59718 // BID: 57317 // JVNDB: JVNDB-2013-001265 // CNNVD: CNNVD-201301-460 // NVD: CVE-2012-6437

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-13-011-03.pdf	Trust: 3.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6437	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6437	Trust: 0.8
url:	http://www.securityfocus.com/bid/57317	Trust: 0.6
url:	http://www.rockwellautomation.com/	Trust: 0.3

sources: CNVD: CNVD-2013-00289 // VULHUB: VHN-59718 // BID: 57317 // JVNDB: JVNDB-2013-001265 // CNNVD: CNNVD-201301-460 // NVD: CVE-2012-6437

CREDITS

Rub??n Santamarta

Trust: 0.6

sources: CNNVD: CNNVD-201301-460

SOURCES

db:	IVD	id:	20403e12-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-00289
db:	VULHUB	id:	VHN-59718
db:	BID	id:	57317
db:	JVNDB	id:	JVNDB-2013-001265
db:	CNNVD	id:	CNNVD-201301-460
db:	NVD	id:	CVE-2012-6437

LAST UPDATE DATE

2024-08-14T14:14:28.447000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-00289	date:	2013-05-25T00:00:00
db:	VULHUB	id:	VHN-59718	date:	2013-01-25T00:00:00
db:	BID	id:	57317	date:	2013-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2013-001265	date:	2013-01-28T00:00:00
db:	CNNVD	id:	CNNVD-201301-460	date:	2013-01-24T00:00:00
db:	NVD	id:	CVE-2012-6437	date:	2013-01-25T16:25:38.383

SOURCES RELEASE DATE

db:	IVD	id:	20403e12-2353-11e6-abef-000c29c66e3d	date:	2013-01-17T00:00:00
db:	CNVD	id:	CNVD-2013-00289	date:	2013-01-17T00:00:00
db:	VULHUB	id:	VHN-59718	date:	2013-01-24T00:00:00
db:	BID	id:	57317	date:	2013-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2013-001265	date:	2013-01-28T00:00:00
db:	CNNVD	id:	CNNVD-201301-460	date:	2013-01-24T00:00:00
db:	NVD	id:	CVE-2012-6437	date:	2013-01-24T21:55:01.523