Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-9343

An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.

Published

2017-02-13T21:59:01.707

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 10.0 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	rockwellautomation	softlogix_5800_controller_firmware	18.00	Yes
Operating System	rockwellautomation	softlogix_5800_controller_firmware	19.00	Yes
Operating System	rockwellautomation	softlogix_5800_controller_firmware	20.00	Yes
Operating System	rockwellautomation	softlogix_5800_controller_firmware	21.00	Yes
Hardware	rockwellautomation	softlogix_5800_controller	-	No
Operating System	rockwellautomation	rslogix_emulate_5000_firmware	18.00	Yes
Operating System	rockwellautomation	rslogix_emulate_5000_firmware	19.00	Yes
Operating System	rockwellautomation	rslogix_emulate_5000_firmware	20.00	Yes
Operating System	rockwellautomation	rslogix_emulate_5000_firmware	21.00	Yes
Hardware	rockwellautomation	rslogix_emulate_5000	-	No
Operating System	rockwellautomation	guardlogix_5570_controller_firmware	16.00	Yes
Operating System	rockwellautomation	guardlogix_5570_controller_firmware	17.00	Yes
Operating System	rockwellautomation	guardlogix_5570_controller_firmware	18.00	Yes
Operating System	rockwellautomation	guardlogix_5570_controller_firmware	19.00	Yes
Operating System	rockwellautomation	guardlogix_5570_controller_firmware	20.00	Yes
Operating System	rockwellautomation	guardlogix_5570_controller_firmware	20.010	Yes
Operating System	rockwellautomation	guardlogix_5570_controller_firmware	20.017	Yes
Operating System	rockwellautomation	guardlogix_5570_controller_firmware	21.00	Yes
Hardware	rockwellautomation	guardlogix_5570_controller	-	No
Operating System	rockwellautomation	flexlogix_l34_controller_firmware	16.00	Yes
Hardware	rockwellautomation	flexlogix_l34_controller	-	No
Operating System	rockwellautomation	controllogix_l55_controller_firmware	16.00	Yes
Operating System	rockwellautomation	controllogix_l55_controller_firmware	16.020	Yes
Operating System	rockwellautomation	controllogix_l55_controller_firmware	16.022	Yes
Hardware	rockwellautomation	controllogix_l55_controller	-	No
Operating System	rockwellautomation	controllogix_5570_redundant_controller_firmware	20.00	Yes
Operating System	rockwellautomation	controllogix_5570_redundant_controller_firmware	20.050	Yes
Operating System	rockwellautomation	controllogix_5570_redundant_controller_firmware	20.055	Yes
Operating System	rockwellautomation	controllogix_5570_redundant_controller_firmware	21.00	Yes
Hardware	rockwellautomation	controllogix_5570_redundant_controller	-	No
Operating System	rockwellautomation	controllogix_5570_controller_firmware	18.00	Yes
Operating System	rockwellautomation	controllogix_5570_controller_firmware	19.00	Yes
Operating System	rockwellautomation	controllogix_5570_controller_firmware	20.010	Yes
Operating System	rockwellautomation	controllogix_5570_controller_firmware	20.013	Yes
Operating System	rockwellautomation	controllogix_5570_controller_firmware	21.00	Yes
Hardware	rockwellautomation	controllogix_5570_controller	-	No
Operating System	rockwellautomation	controllogix_5560_redundant_controller_firmware	16.00	Yes
Operating System	rockwellautomation	controllogix_5560_redundant_controller_firmware	19.00	Yes
Operating System	rockwellautomation	controllogix_5560_redundant_controller_firmware	20.00	Yes
Operating System	rockwellautomation	controllogix_5560_redundant_controller_firmware	20.050	Yes
Operating System	rockwellautomation	controllogix_5560_redundant_controller_firmware	20.055	Yes
Hardware	rockwellautomation	controllogix_5560_redundant_controller	-	No
Operating System	rockwellautomation	controllogix_5560_controller_firmware	16.00	Yes
Operating System	rockwellautomation	controllogix_5560_controller_firmware	16.020	Yes
Operating System	rockwellautomation	controllogix_5560_controller_firmware	16.022	Yes
Operating System	rockwellautomation	controllogix_5560_controller_firmware	17.00	Yes
Operating System	rockwellautomation	controllogix_5560_controller_firmware	18.00	Yes
Operating System	rockwellautomation	controllogix_5560_controller_firmware	19.00	Yes
Operating System	rockwellautomation	controllogix_5560_controller_firmware	20.00	Yes
Operating System	rockwellautomation	controllogix_5560_controller_firmware	20.010	Yes
Operating System	rockwellautomation	controllogix_5560_controller_firmware	20.013	Yes
Hardware	rockwellautomation	controllogix_5560_controller	-	No
Operating System	rockwellautomation	1769_compactlogix_l3x_controller_firmware	16.00	Yes
Operating System	rockwellautomation	1769_compactlogix_l3x_controller_firmware	16.020	Yes
Operating System	rockwellautomation	1769_compactlogix_l3x_controller_firmware	16.023	Yes
Operating System	rockwellautomation	1769_compactlogix_l3x_controller_firmware	17.00	Yes
Operating System	rockwellautomation	1769_compactlogix_l3x_controller_firmware	18.00	Yes
Operating System	rockwellautomation	1769_compactlogix_l3x_controller_firmware	19.00	Yes
Operating System	rockwellautomation	1769_compactlogix_l3x_controller_firmware	20.00	Yes
Operating System	rockwellautomation	1769_compactlogix_l3x_controller_firmware	20.010	Yes
Operating System	rockwellautomation	1769_compactlogix_l3x_controller_firmware	20.013	Yes
Hardware	rockwellautomation	1769_compactlogix_l3x_controller	-	No
Operating System	rockwellautomation	1769_compactlogix_l23x_controller_firmware	16.00	Yes
Operating System	rockwellautomation	1769_compactlogix_l23x_controller_firmware	17.00	Yes
Operating System	rockwellautomation	1769_compactlogix_l23x_controller_firmware	18.00	Yes
Operating System	rockwellautomation	1769_compactlogix_l23x_controller_firmware	19.00	Yes
Operating System	rockwellautomation	1769_compactlogix_l23x_controller_firmware	20.00	Yes
Operating System	rockwellautomation	1769_compactlogix_l23x_controller_firmware	20.010	Yes
Operating System	rockwellautomation	1769_compactlogix_l23x_controller_firmware	20.013	Yes
Hardware	rockwellautomation	1769_compactlogix_l23x_controller	-	No
Operating System	rockwellautomation	1769_compactlogix_5370_l3_controller_firmware	20.00	Yes
Operating System	rockwellautomation	1769_compactlogix_5370_l3_controller_firmware	20.010	Yes
Operating System	rockwellautomation	1769_compactlogix_5370_l3_controller_firmware	20.013	Yes
Operating System	rockwellautomation	1769_compactlogix_5370_l3_controller_firmware	21.00	Yes
Hardware	rockwellautomation	1769_compactlogix_5370_l3_controller	-	No
Operating System	rockwellautomation	1769_compactlogix_5370_l2_controller_firmware	20.00	Yes
Operating System	rockwellautomation	1769_compactlogix_5370_l2_controller_firmware	20.010	Yes
Operating System	rockwellautomation	1769_compactlogix_5370_l2_controller_firmware	20.013	Yes
Operating System	rockwellautomation	1769_compactlogix_5370_l2_controller_firmware	21.00	Yes
Hardware	rockwellautomation	1769_compactlogix_5370_l2_controller	-	No
Operating System	rockwellautomation	1769_compactlogix_5370_l1_controller_firmware	20.00	Yes
Operating System	rockwellautomation	1769_compactlogix_5370_l1_controller_firmware	20.010	Yes
Operating System	rockwellautomation	1769_compactlogix_5370_l1_controller_firmware	20.013	Yes
Operating System	rockwellautomation	1769_compactlogix_5370_l1_controller_firmware	21.00	Yes
Hardware	rockwellautomation	1769_compactlogix_5370_l1_controller	-	No
Operating System	rockwellautomation	1768_compactlogix_l4x_controller_firmware	16.00	Yes
Operating System	rockwellautomation	1768_compactlogix_l4x_controller_firmware	16.020	Yes
Operating System	rockwellautomation	1768_compactlogix_l4x_controller_firmware	16.025	Yes
Operating System	rockwellautomation	1768_compactlogix_l4x_controller_firmware	17.00	Yes
Operating System	rockwellautomation	1768_compactlogix_l4x_controller_firmware	18.00	Yes
Operating System	rockwellautomation	1768_compactlogix_l4x_controller_firmware	19.00	Yes
Operating System	rockwellautomation	1768_compactlogix_l4x_controller_firmware	20.00	Yes
Operating System	rockwellautomation	1768_compactlogix_l4x_controller_firmware	20.011	Yes
Operating System	rockwellautomation	1768_compactlogix_l4x_controller_firmware	20.016	Yes
Hardware	rockwellautomation	1768_compactlogix_l4x_controller	-	No
Operating System	rockwellautomation	1768_compact_guardlogix_l4xs_controller_firmware	18.00	Yes
Operating System	rockwellautomation	1768_compact_guardlogix_l4xs_controller_firmware	19.00	Yes
Operating System	rockwellautomation	1768_compact_guardlogix_l4xs_controller_firmware	20.00	Yes
Operating System	rockwellautomation	1768_compact_guardlogix_l4xs_controller_firmware	20.011	Yes
Operating System	rockwellautomation	1768_compact_guardlogix_l4xs_controller_firmware	20.013	Yes
Hardware	rockwellautomation	1768_compact_guardlogix_l4xs_controller	-	No

References

http://www.securityfocus.com/bid/95304 Third Party Advisory, VDB Entry ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05 Third Party Advisory, US Government Resource ([email protected])
http://www.securityfocus.com/bid/95304 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)