Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3489

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-3489
Last Modified 13 Feb 2012 11:08:46
Published 16 Sep 2011 10:28:12
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3489

Summary

RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field.

Vulnerable Systems

Application

  • Rockwellautomation Rslogix 19


References

XF - rslogix-rna-dos(69808)

BID - 49608

MISC - http://aluigi.altervista.org/adv/rslogix_1-adv.txt

SREASON - 8383


Last Updated: 27 May 2016 10:58:14