CVE-2013-2807 - OpenCVE

Vendors	Products
Rockwellautomation	Rslinx Enterprise

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02	US Government Resource Third Party Advisory

{"containers": {"cna": {"affected": [{"product": "RSLinx Enterprise Software", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "CPR9"}, {"status": "affected", "version": "CPR9-SR1"}, {"status": "affected", "version": "CPR9-SR2"}, {"status": "affected", "version": "CPR9-SR3"}, {"status": "affected", "version": "CPR9-SR4"}, {"status": "affected", "version": "CPR9-SR5"}, {"status": "affected", "version": "CPR9-SR5.1"}, {"status": "affected", "version": "CPR9-SR6"}]}], "datePublic": "2013-10-07T00:00:00", "descriptions": [{"lang": "en", "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cTotal Record Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size\u201d that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "Integer overflow CWE-190", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-03-26T16:44:28", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2013-2807", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RSLinx Enterprise Software", "version": {"version_data": [{"version_value": "CPR9"}, {"version_value": "CPR9-SR1"}, {"version_value": "CPR9-SR2"}, {"version_value": "CPR9-SR3"}, {"version_value": "CPR9-SR4"}, {"version_value": "CPR9-SR5"}, {"version_value": "CPR9-SR5.1"}, {"version_value": "CPR9-SR6"}]}}]}, "vendor_name": "Rockwell Automation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cTotal Record Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size\u201d that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Integer overflow CWE-190"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2013-2807", "datePublished": "2019-03-26T16:35:16", "dateReserved": "2013-04-11T00:00:00", "dateUpdated": "2019-03-26T16:44:28", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.10.00:*:*:*:*:*:*:*", "matchCriteriaId": "D42DF440-5AC1-4B7D-9A32-A30E2807D21B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.10.01:*:*:*:*:*:*:*", "matchCriteriaId": "436B1B6F-7B5F-4851-A04B-8E4FD1CCE75B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.20.00:*:*:*:*:*:*:*", "matchCriteriaId": "ECE341BF-F144-4F44-A232-0F4CB97CEAFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.21.00:*:*:*:*:*:*:*", "matchCriteriaId": "9B9B5530-419A-4587-A1D9-9E92ABB99300", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.30.00:*:*:*:*:*:*:*", "matchCriteriaId": "49BDD83C-D14A-434D-BA89-8451011C5F07", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.40.00:*:*:*:*:*:*:*", "matchCriteriaId": "7C37C557-4DA4-4A4F-8F5A-33DF41D37C45", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.50.00:*:*:*:*:*:*:*", "matchCriteriaId": "6F17A84F-CFA8-4BA9-A3D5-9044F53FC9FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.51.00:*:*:*:*:*:*:*", "matchCriteriaId": "4648726F-63DB-4F97-9A20-B224FDE5AA53", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:5.60.00:*:*:*:*:*:*:*", "matchCriteriaId": "33F649D7-E46D-4378-B044-ABC7C20D1AAD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cTotal Record Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size\u201d that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"}, {"lang": "es", "value": "El software RSLinx Enterprise de Rockwell Automation (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1 y CPR9-SR6 no maneja la entrada correctamente y da como resultado un error l\u00f3gico si calcula un valor incorrecto para el campo \u201cTotal Record Size\u201d. Al enviar un datagrama al servicio a trav\u00e9s del puerto 4444 / UDP con el campo \"\u201cRecord Data Size\" modificado a un valor espec\u00edficamente sobredimensionado, el servicio calcular\u00e1 un valor de tama\u00f1o inferior al \"Tama\u00f1o de registro total\" que causar\u00e1 un fuera de los l\u00edmites violaci\u00f3n de acceso de lectura que conduce a un bloqueo del servicio. El servicio se puede recuperar con un reinicio manual. Los parches y detalles relativos a estas vulnerabilidades se pueden encontrar en el siguiente enlace de Asesor\u00eda de seguridad de Rockwell Automation (se requiere inicio de sesi\u00f3n): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"}], "id": "CVE-2013-2807", "lastModified": "2020-02-10T21:24:37.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-26T17:29:00.310", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource", "Third Party Advisory"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

JSON object

JSON object

JSON object