Sign-up

ID

VAR-201301-0159


CVE

CVE-2012-6442


TITLE

plural Rockwell Automation Service disruption in products ( Stop control and communication ) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-001270

DESCRIPTION

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a reset. plural Rockwell Automation Product has a service disruption ( Stop control and communication ) There is a vulnerability that becomes a condition.Trigger reset by a third party CIP Service disruption via message ( Stop control and communication ) There is a possibility of being put into a state. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications. An attacker can exploit these issues to crash the affected application, denying service to legitimate users

Trust: 2.7

sources: NVD: CVE-2012-6442 // JVNDB: JVNDB-2013-001270 // CNVD: CNVD-2013-00294 // BID: 57309 // IVD: 2062cbc6-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-59723

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 2062cbc6-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00294

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:compactlogixscope:eqversion:18

Trust: 1.0

vendor:rockwellautomationmodel:controllogix controllersscope:eqversion:20

Trust: 1.0

vendor:rockwellautomationmodel:compactlogix controllersscope:eqversion:19

Trust: 1.0

vendor:rockwellautomationmodel:flex i\/o ethernet\/ipscope:eqversion: -

Trust: 1.0

vendor:rockwellautomationmodel:controllogixscope:eqversion:18

Trust: 1.0

vendor:rockwellautomationmodel:guardlogix controllersscope:eqversion:20

Trust: 1.0

vendor:rockwellautomationmodel:softlogixscope:eqversion:18

Trust: 1.0

vendor:rockwellautomationmodel:flexlogixscope:eqversion: -

Trust: 1.0

vendor:rockwellautomationmodel:compactlogixscope:eqversion: -

Trust: 1.0

vendor:rockwellautomationmodel:micrologixscope:eqversion: -

Trust: 1.0

vendor:rockwellautomationmodel:guardlogixscope:eqversion:18

Trust: 1.0

vendor:rockwellautomationmodel:ethernet\/ipscope:eqversion: -

Trust: 1.0

vendor:rockwellautomationmodel:softlogix controllersscope:eqversion:19

Trust: 1.0

vendor:rockwell automationmodel:1756-enbtscope: - version: -

Trust: 0.8

vendor:rockwell automationmodel:1756-ewebscope: - version: -

Trust: 0.8

vendor:rockwell automationmodel:1768-enbtscope: - version: -

Trust: 0.8

vendor:rockwell automationmodel:1768-ewebscope: - version: -

Trust: 0.8

vendor:rockwell automationmodel:compactlogix l32e controllerscope: - version: -

Trust: 0.8

vendor:rockwell automationmodel:compactlogix l35e controllerscope: - version: -

Trust: 0.8

vendor:rockwell automationmodel:compactlogix controllerscope:lteversion:18

Trust: 0.8

vendor:rockwell automationmodel:compactlogix controllerscope:lteversion:19

Trust: 0.8

vendor:rockwell automationmodel:controllogix controllerscope:lteversion:18

Trust: 0.8

vendor:rockwell automationmodel:controllogix controllerscope:lteversion:20

Trust: 0.8

vendor:rockwell automationmodel:flex i/o ethernet/ip adapter 1794-aentrscope: - version: -

Trust: 0.8

vendor:rockwell automationmodel:flexlogix 1788-enbtscope: - version: -

Trust: 0.8

vendor:rockwell automationmodel:guardlogix controllerscope:lteversion:18

Trust: 0.8

vendor:rockwell automationmodel:guardlogix controllerscope:lteversion:20

Trust: 0.8

vendor:rockwell automationmodel:micrologixscope:eqversion:1100

Trust: 0.8

vendor:rockwell automationmodel:micrologixscope:eqversion:1400

Trust: 0.8

vendor:rockwell automationmodel:softlogix controllerscope:lteversion:18

Trust: 0.8

vendor:rockwell automationmodel:softlogix controllerscope:lteversion:19

Trust: 0.8

vendor:rockwellmodel:automation micrologixscope:eqversion:1100

Trust: 0.6

vendor:rockwellmodel:automation micrologixscope:eqversion:1400

Trust: 0.6

vendor:rockwellautomationmodel:guardlogixscope:eqversion:20.0

Trust: 0.6

vendor:rockwellautomationmodel:compactlogixscope:eqversion:18.0

Trust: 0.6

vendor:rockwellautomationmodel:compactlogixscope:eqversion:19.0

Trust: 0.6

vendor:rockwellautomationmodel:controllogixscope:eqversion:18.0

Trust: 0.6

vendor:rockwellautomationmodel:softlogixscope:eqversion:18.0

Trust: 0.6

vendor:rockwellautomationmodel:controllogixscope:eqversion:20.0

Trust: 0.6

vendor:rockwellautomationmodel:guardlogixscope:eqversion:18.0

Trust: 0.6

vendor:rockwellautomationmodel:softlogicscope:eqversion:19.0

Trust: 0.6

vendor:rockwellmodel:automation softlogixscope:eqversion:19

Trust: 0.3

vendor:rockwellmodel:automation softlogixscope:eqversion:18

Trust: 0.3

vendor:rockwellmodel:automation micrologixscope:eqversion:14000

Trust: 0.3

vendor:rockwellmodel:automation micrologixscope:eqversion:11000

Trust: 0.3

vendor:rockwellmodel:automation guardlogixscope:eqversion:20

Trust: 0.3

vendor:rockwellmodel:automation guardlogixscope:eqversion:18

Trust: 0.3

vendor:rockwellmodel:automation controllogixscope:eqversion:20

Trust: 0.3

vendor:rockwellmodel:automation controllogixscope:eqversion:18

Trust: 0.3

vendor:rockwellmodel:automation compactlogix l35escope: - version: -

Trust: 0.3

vendor:rockwellmodel:automation compactlogix l32escope: - version: -

Trust: 0.3

vendor:rockwellmodel:automation compactlogixscope:eqversion:19

Trust: 0.3

vendor:rockwellmodel:automation compactlogixscope:eqversion:18

Trust: 0.3

vendor:rockwellmodel:automation 1794-aentrscope:eqversion:0

Trust: 0.3

vendor:rockwellmodel:automation 1788-enbtscope:eqversion:0

Trust: 0.3

vendor:rockwellmodel:automation 1768-ewebscope:eqversion:0

Trust: 0.3

vendor:rockwellmodel:automation 1768-enbtscope:eqversion:0

Trust: 0.3

vendor:rockwellmodel:automation 1756-enbtscope:eqversion:0

Trust: 0.3

vendor:rockwellmodel:automation 1756-en2t series bscope:eqversion:0

Trust: 0.3

vendor:rockwellmodel:automation controllogixscope:eqversion:0

Trust: 0.3

vendor:ethernet ipmodel: - scope:eqversion: -

Trust: 0.2

vendor:compactlogixmodel: - scope:eqversion: -

Trust: 0.2

vendor:flexlogixmodel: - scope:eqversion: -

Trust: 0.2

vendor:flex i o ethernet ipmodel: - scope:eqversion: -

Trust: 0.2

vendor:micrologixmodel: - scope:eqversion: -

Trust: 0.2

vendor:compactlogix controllersmodel: - scope:eqversion:19

Trust: 0.2

vendor:compactlogixmodel: - scope:eqversion:18

Trust: 0.2

vendor:controllogix controllersmodel: - scope:eqversion:20

Trust: 0.2

vendor:controllogixmodel: - scope:eqversion:18

Trust: 0.2

vendor:guardlogix controllersmodel: - scope:eqversion:20

Trust: 0.2

vendor:guardlogixmodel: - scope:eqversion:18

Trust: 0.2

vendor:softlogix controllersmodel: - scope:eqversion:19

Trust: 0.2

vendor:softlogixmodel: - scope:eqversion:18

Trust: 0.2

sources: IVD: 2062cbc6-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00294 // BID: 57309 // JVNDB: JVNDB-2013-001270 // CNNVD: CNNVD-201301-259 // NVD: CVE-2012-6442

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-6442
value: HIGH

Trust: 1.0

NVD: CVE-2012-6442
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201301-259
value: HIGH

Trust: 0.6

IVD: 2062cbc6-2353-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-59723
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-6442
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 2062cbc6-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-59723
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 2062cbc6-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-59723 // JVNDB: JVNDB-2013-001270 // CNNVD: CNNVD-201301-259 // NVD: CVE-2012-6442

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-59723 // JVNDB: JVNDB-2013-001270 // NVD: CVE-2012-6442

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-259

TYPE

Buffer error

Trust: 0.8

sources: IVD: 2062cbc6-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201301-259

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-001270

PATCH
title:Top Pageurl:http://www.rockwellautomation.com/
Trust: 0.8
title:Partnerurl:http://jp.rockwellautomation.com/applications/gs/ap/gsjp.nsf/pages/partner
Trust: 0.8
title:Top Pageurl:http://jp.rockwellautomation.com/
Trust: 0.8
title:Patch for Rockwell Automation ControlLogix Remote Denial of Service Vulnerability (CNVD-2013-00294)url:https://www.cnvd.org.cn/patchInfo/show/29254
Trust: 0.6
title:1768-ENBT_4.004.006url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45390
Trust: 0.6
title:1756-EWEB_4.016url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45389
Trust: 0.6
title:1756-ENBT_6.006url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45388
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-00294 // 
            
            
            
            JVNDB: JVNDB-2013-001270 // 
            
            
            
            CNNVD: CNNVD-201301-259

EXTERNAL IDS
db:NVDid:CVE-2012-6442
Trust: 3.6
db:ICS CERTid:ICSA-13-011-03
Trust: 3.4
db:CNNVDid:CNNVD-201301-259
Trust: 0.9
db:CNVDid:CNVD-2013-00294
Trust: 0.8
db:JVNDBid:JVNDB-2013-001270
Trust: 0.8
db:BIDid:57309
Trust: 0.4
db:IVDid:2062CBC6-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-59723
Trust: 0.1
sources:
            
            
            IVD: 2062cbc6-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-00294 // 
            
            
            
            VULHUB: VHN-59723 // 
            
            
            
            BID: 57309 // 
            
            
            
            JVNDB: JVNDB-2013-001270 // 
            
            
            
            CNNVD: CNNVD-201301-259 // 
            
            
            
            NVD: CVE-2012-6442

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-13-011-03.pdf
Trust: 3.4
url:https://tools.cisco.com/security/center/viewalert.x?alertid=27862
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6442
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6442
Trust: 0.8
url:http://www.rockwellautomation.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-00294 // 
            
            
            
            VULHUB: VHN-59723 // 
            
            
            
            BID: 57309 // 
            
            
            
            JVNDB: JVNDB-2013-001270 // 
            
            
            
            CNNVD: CNNVD-201301-259 // 
            
            
            
            NVD: CVE-2012-6442

CREDITS
Rub??n Santamarta
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201301-259

SOURCES
db:IVDid:2062cbc6-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-00294
db:VULHUBid:VHN-59723
db:BIDid:57309
db:JVNDBid:JVNDB-2013-001270
db:CNNVDid:CNNVD-201301-259
db:NVDid:CVE-2012-6442

LAST UPDATE DATE
2024-08-14T14:14:28.403000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-00294date:2013-01-17T00:00:00
db:VULHUBid:VHN-59723date:2019-09-03T00:00:00
db:BIDid:57309date:2013-01-11T00:00:00
db:JVNDBid:JVNDB-2013-001270date:2013-01-28T00:00:00
db:CNNVDid:CNNVD-201301-259date:2019-09-04T00:00:00
db:NVDid:CVE-2012-6442date:2019-09-03T15:16:01.240

SOURCES RELEASE DATE
db:IVDid:2062cbc6-2353-11e6-abef-000c29c66e3ddate:2013-01-17T00:00:00
db:CNVDid:CNVD-2013-00294date:2013-01-17T00:00:00
db:VULHUBid:VHN-59723date:2013-01-24T00:00:00
db:BIDid:57309date:2013-01-11T00:00:00
db:JVNDBid:JVNDB-2013-001270date:2013-01-28T00:00:00
db:CNNVDid:CNNVD-201301-259date:2013-01-16T00:00:00
db:NVDid:CVE-2012-6442date:2013-01-24T21:55:01.773