Details of VAR-201304-0009

ID

VAR-201304-0009

CVE

CVE-2012-4715

TITLE

Rockwell Automation RSLinx Enterprise of LogReceiver.exe Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2013-002410

DESCRIPTION

Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a UDP packet with a certain integer length value that is (1) too large or (2) too small, leading to improper handling by Logger.dll. RSLinx Enterprise is a standard OPC server software that bridges the communication between RSView Server and PLC. RSLinx Enterprise (LogReceiver.exe and Logger.dll) does not process the input correctly. Receiving a very large packet can cause a logic error. The attacker sends a data containing a very large byte size to the 4444/UDP port (user configurable, not enabled by default). A package that stops the service or may cause arbitrary code execution. The following products are affected by this vulnerability: CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1 and CPR9-SR6. RSLinx Enterprise is prone to a denial-of-service vulnerability because the application fails to properly handle the input submitted to it. An attacker can exploit this issue to terminate the affected service of the vulnerable application, denying service to legitimate users. Due to nature of this issue code execution is possible but Symantec has not confirmed it. Note: This BID is being retired as a duplicate of the issue discussed in BID 58917 (RSLinx Enterprise 'Logger.dll' CVE-2012-4695 Denial of Service Vulnerability). The following versions are affected: RSLinx Enterprise CPR9-SR2 RSLinx Enterprise CPR9-SR3 RSLinx Enterprise CPR9-SR4 RSLinx Enterprise CPR9-SR5 RSLinx Enterprise CPR9-SR5.1 RSLinx Enterprise CPR9-SR6. This software can establish communication links for Allen-Bradley (AB) programmable controllers, various Rockwell software, and AB application software. A buffer overflow vulnerability exists in LogReceiver.exe in Rockwell Automation RSLinx Enterprise

Trust: 3.06

sources: NVD: CVE-2012-4715 // JVNDB: JVNDB-2013-002410 // CNVD: CNVD-2013-02790 // BID: 58915 // IVD: fb1ea858-2352-11e6-abef-000c29c66e3d // IVD: fb189e90-2352-11e6-abef-000c29c66e3d // IVD: faef2e48-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-57996

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: fb1ea858-2352-11e6-abef-000c29c66e3d // IVD: fb189e90-2352-11e6-abef-000c29c66e3d // IVD: faef2e48-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02790

AFFECTED PRODUCTS

vendor:	rslinx	model:	cpr9	scope:	-	version:	-	Trust: 4.8
vendor:	rockwellautomation	model:	rslinx enterprise	scope:	eq	version:	cpr9	Trust: 1.6
vendor:	rockwell automation	model:	rslinx enterprise	scope:	eq	version:	cpr9	Trust: 0.8
vendor:	rockwell automation	model:	rslinx enterprise	scope:	eq	version:	cpr9-sr1	Trust: 0.8
vendor:	rockwell automation	model:	rslinx enterprise	scope:	eq	version:	cpr9-sr2	Trust: 0.8
vendor:	rockwell automation	model:	rslinx enterprise	scope:	eq	version:	cpr9-sr3	Trust: 0.8
vendor:	rockwell automation	model:	rslinx enterprise	scope:	eq	version:	cpr9-sr4	Trust: 0.8
vendor:	rockwell automation	model:	rslinx enterprise	scope:	eq	version:	cpr9-sr5	Trust: 0.8
vendor:	rockwell automation	model:	rslinx enterprise	scope:	eq	version:	cpr9-sr5.1	Trust: 0.8
vendor:	rockwell automation	model:	rslinx enterprise	scope:	eq	version:	cpr9-sr6	Trust: 0.8
vendor:	rockwell	model:	automation rslinx enterprise software	scope:	-	version:	-	Trust: 0.6

sources: IVD: fb1ea858-2352-11e6-abef-000c29c66e3d // IVD: fb189e90-2352-11e6-abef-000c29c66e3d // IVD: faef2e48-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02790 // JVNDB: JVNDB-2013-002410 // CNNVD: CNNVD-201304-066 // NVD: CVE-2012-4715

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4715
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-4715
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-02790
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201304-066
value:	CRITICAL
Trust: 0.6
IVD:	fb1ea858-2352-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
IVD:	fb189e90-2352-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
IVD:	faef2e48-2352-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-57996
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-4715
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-02790
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	fb1ea858-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	fb189e90-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	faef2e48-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-57996
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: fb1ea858-2352-11e6-abef-000c29c66e3d // IVD: fb189e90-2352-11e6-abef-000c29c66e3d // IVD: faef2e48-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02790 // VULHUB: VHN-57996 // JVNDB: JVNDB-2013-002410 // CNNVD: CNNVD-201304-066 // NVD: CVE-2012-4715

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-57996 // JVNDB: JVNDB-2013-002410 // NVD: CVE-2012-4715

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-066

TYPE

Buffer overflow

Trust: 1.2

sources: IVD: fb1ea858-2352-11e6-abef-000c29c66e3d // IVD: fb189e90-2352-11e6-abef-000c29c66e3d // IVD: faef2e48-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201304-066

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002410

PATCH

title:	Top Page	url:	http://www.rockwellautomation.com/	Trust: 0.8
title:	Partner	url:	http://jp.rockwellautomation.com/applications/gs/ap/gsjp.nsf/pages/partner	Trust: 0.8
title:	Top Page	url:	http://jp.rockwellautomation.com/	Trust: 0.8
title:	Patch for RSLinx Enterprise 'Logger.dll' Remote Denial of Service Vulnerability ( CNVD-2013-21804 )	url:	https://www.cnvd.org.cn/patchInfo/show/33159	Trust: 0.6

sources: CNVD: CNVD-2013-02790 // JVNDB: JVNDB-2013-002410

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4715	Trust: 4.0
db:	ICS CERT	id:	ICSA-13-095-02	Trust: 3.1
db:	BID	id:	58915	Trust: 1.6
db:	CNNVD	id:	CNNVD-201304-066	Trust: 1.3
db:	CNVD	id:	CNVD-2013-02790	Trust: 1.2
db:	JVNDB	id:	JVNDB-2013-002410	Trust: 0.8
db:	SECUNIA	id:	52808	Trust: 0.6
db:	IVD	id:	FB1EA858-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	FB189E90-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	FAEF2E48-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-57996	Trust: 0.1

sources: IVD: fb1ea858-2352-11e6-abef-000c29c66e3d // IVD: fb189e90-2352-11e6-abef-000c29c66e3d // IVD: faef2e48-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02790 // VULHUB: VHN-57996 // BID: 58915 // JVNDB: JVNDB-2013-002410 // CNNVD: CNNVD-201304-066 // NVD: CVE-2012-4715

REFERENCES

url:	http://ics-cert.us-cert.gov/pdf/icsa-13-095-02.pdf	Trust: 3.1
url:	https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4715	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4715	Trust: 0.8
url:	http://secunia.com/advisories/52808	Trust: 0.6
url:	http://www.securityfocus.com/bid/58915	Trust: 0.6
url:	http://www.rockwellautomation.com/	Trust: 0.3

sources: CNVD: CNVD-2013-02790 // VULHUB: VHN-57996 // BID: 58915 // JVNDB: JVNDB-2013-002410 // CNNVD: CNNVD-201304-066 // NVD: CVE-2012-4715

CREDITS

Carsten Eiram of Risk Based Security

Trust: 0.9

sources: BID: 58915 // CNNVD: CNNVD-201304-066

SOURCES

db:	IVD	id:	fb1ea858-2352-11e6-abef-000c29c66e3d
db:	IVD	id:	fb189e90-2352-11e6-abef-000c29c66e3d
db:	IVD	id:	faef2e48-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-02790
db:	VULHUB	id:	VHN-57996
db:	BID	id:	58915
db:	JVNDB	id:	JVNDB-2013-002410
db:	CNNVD	id:	CNNVD-201304-066
db:	NVD	id:	CVE-2012-4715

LAST UPDATE DATE

2025-04-11T22:48:56.747000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-02790	date:	2013-05-20T00:00:00
db:	VULHUB	id:	VHN-57996	date:	2013-10-02T00:00:00
db:	BID	id:	58915	date:	2013-10-09T01:06:00
db:	JVNDB	id:	JVNDB-2013-002410	date:	2013-04-22T00:00:00
db:	CNNVD	id:	CNNVD-201304-066	date:	2013-04-22T00:00:00
db:	NVD	id:	CVE-2012-4715	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	fb1ea858-2352-11e6-abef-000c29c66e3d	date:	2013-04-09T00:00:00
db:	IVD	id:	fb189e90-2352-11e6-abef-000c29c66e3d	date:	2013-04-09T00:00:00
db:	IVD	id:	faef2e48-2352-11e6-abef-000c29c66e3d	date:	2013-04-09T00:00:00
db:	CNVD	id:	CNVD-2013-02790	date:	2013-04-09T00:00:00
db:	VULHUB	id:	VHN-57996	date:	2013-04-18T00:00:00
db:	BID	id:	58915	date:	2013-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2013-002410	date:	2013-04-22T00:00:00
db:	CNNVD	id:	CNNVD-201304-066	date:	2013-04-11T00:00:00
db:	NVD	id:	CVE-2012-4715	date:	2013-04-18T11:33:02.067