Intelligence Center » Browse All Vulnerabilities » CVE-2012-6437
Overview |
|
| Vulnerability Score |  10.0 |
| CVE Id | CVE-2012-6437 |
| Last Modified | 25 Jan 2013 11:25:38 |
| Published | 24 Jan 2013 04:55:01 |
| Confidentiality Impact | COMPLETE |
| Integrity Impact | COMPLETE |
| Availability Impact | COMPLETE |
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
CVE-2012-6437
Summary
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image.
Vulnerable Systems
Application
Rockwellautomation Controllogix Controllers 20
Rockwellautomation Guardlogix Controllers 20
Rockwellautomation Micrologix 1100
Rockwellautomation Micrologix 1400
Rockwellautomation Softlogix Controllers 19
References
MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf
IT Risk Posture:
Free Risk Assessment Tools
Application Scanner
Find vulnerabilities on your network.
Device Scanner
Find vulnerabilities on your network.
Patch Scanner
Find vulnerabilities on your network.
Last Updated: 27 May 2016 11:01:43
