CVE-2013-2805

Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the Record Data Size field. By sending a datagram to the service over Port 4444/UDP with the Record Data Size field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
rockwellautomationrslinx_enterprise
5.10.00
rockwellautomationrslinx_enterprise
5.10.01
rockwellautomationrslinx_enterprise
5.20.00
rockwellautomationrslinx_enterprise
5.21.00
rockwellautomationrslinx_enterprise
5.30.00
rockwellautomationrslinx_enterprise
5.40.00
rockwellautomationrslinx_enterprise
5.50.00
rockwellautomationrslinx_enterprise
5.51.00
rockwellautomationrslinx_enterprise
5.60.00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02
https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02