CVE-2016-9343
high-risk
Published 2017-02-13
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.
Do I need to act?
-
0.09% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
10
CVSS 10.0/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Softlogix 5800 Controller Firmware
Rslogix Emulate 5000 Firmware
Rslogix Emulate 5000 Firmware
Guardlogix 5570 Controller Firmware
Guardlogix 5570 Controller Firmware
Guardlogix 5570 Controller Firmware
Guardlogix 5570 Controller Firmware
Guardlogix 5570 Controller Firmware
Controllogix L55 Controller Firmware
Controllogix 5570 Redundant Controller Firmware
Controllogix 5570 Controller Firmware
Controllogix 5570 Controller Firmware
Controllogix 5560 Redundant Controller Firmware
Controllogix 5560 Redundant Controller Firmware
Controllogix 5560 Controller Firmware
Controllogix 5560 Controller Firmware
Controllogix 5560 Controller Firmware
Controllogix 5560 Controller Firmware
Controllogix 5560 Controller Firmware
1769 Compactlogix L3X Controller Firmware
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/95304
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05
Third Party Advisory
http://www.securityfocus.com/bid/95304
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05
62
/ 100
high-risk
Severity
33/34 · Critical
Exploitability
0/34 · Minimal
Exposure
29/34 · Critical