Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
Rockwell Automation RSLinx Enterprise 缓冲区错误漏洞
Vulnerability Description
Rockwell Automation RSLinx Enterprise是美国罗克韦尔(Rockwell Automation)公司的一套通讯管理软件。该软件可为Allen-Bradley(A-B)的可编程控制器、各种Rockwell软件、A-B应用软件建立起通讯联系。 Rockwell RSLinx Enterprise中存在远程拒绝服务漏洞。攻击者可利用该漏洞造成受影响应用程序崩溃,拒绝服务合法用户。以下版本受到影响:RSLinx Enterprise CPR9,RSLinx Enterprise
CVSS Information
N/A
Vulnerability Type
N/A