CVE-2016-5814

Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.6 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
rockwellautomationrslogix_500_professional_edition
-
rockwellautomationrslogix_500_standard_edition
-
rockwellautomationrslogix_500_starter_edition
-
rockwellautomationrslogix_micro_developer
-
rockwellautomationrslogix_micro_starter_lite
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/92983
https://ics-cert.us-cert.gov/advisories/ICSA-16-224-02
http://www.securityfocus.com/bid/92983
https://ics-cert.us-cert.gov/advisories/ICSA-16-224-02