CVE-2018-14829 - OpenCVE

Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Rockwellautomation	Rslinx

Configuration 1 [-]

cpe:2.3:a:rockwellautomation:rslinx:*:*:*:*:classic:*:*:*

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02	Third Party Advisory US Government Resource
https://www.tenable.com/security/research/tra-2018-26	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2018-09-20T00:00:00

Updated: 2018-09-21T09:57:01

Reserved: 2018-08-01T00:00:00

Link: CVE-2018-14829

JSON object: View

NVD Information

Status : Modified

Published: 2018-09-20T19:29:00.690

Modified: 2019-10-09T23:35:18.107

Link: CVE-2018-14829

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "RSLinx Classic", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "4.00.01 and prior"}]}], "datePublic": "2018-09-20T00:00:00", "descriptions": [{"lang": "en", "value": "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-21T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2018-26"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-09-20T00:00:00", "ID": "CVE-2018-14829", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RSLinx Classic", "version": {"version_data": [{"version_value": "4.00.01 and prior"}]}}]}, "vendor_name": "Rockwell Automation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02"}, {"name": "https://www.tenable.com/security/research/tra-2018-26", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2018-26"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-14829", "datePublished": "2018-09-20T00:00:00", "dateReserved": "2018-08-01T00:00:00", "dateUpdated": "2018-09-21T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:rslinx:*:*:*:*:classic:*:*:*", "matchCriteriaId": "8A2F3687-1906-476D-9947-B4A02AAA1E24", "versionEndIncluding": "4.00.01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code."}, {"lang": "es", "value": "Rockwell Automation RSLinx Classic en versiones 4.00.01 y anteriores. Esta vulnerabilidad podr\u00eda permitir que un actor de amenaza remoto env\u00ede de forma intencional un paquete CIP mal formado al puerto 44818, lo que provoca que la aplicaci\u00f3n deje de responder y se cierre inesperadamente. La vulnerabilidad tambi\u00e9n tiene potencial para explotar una condici\u00f3n de desbordamiento de b\u00fafer, lo que podr\u00eda permitir que el actor de amenaza ejecutar c\u00f3digo arbitrario de forma remota."}], "id": "CVE-2018-14829", "lastModified": "2019-10-09T23:35:18.107", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-20T19:29:00.690", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2018-26"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}