CVE-2011-3489

RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
rockwellautomationrslogix
𝑥
≤ 19
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://aluigi.altervista.org/adv/rslogix_1-adv.txt
http://securityreason.com/securityalert/8383
http://www.securityfocus.com/bid/49608
https://exchange.xforce.ibmcloud.com/vulnerabilities/69808
http://aluigi.altervista.org/adv/rslogix_1-adv.txt
http://securityreason.com/securityalert/8383
http://www.securityfocus.com/bid/49608
https://exchange.xforce.ibmcloud.com/vulnerabilities/69808