ID

VAR-201609-0392


CVE

CVE-2016-5814


TITLE

Buffer overflow vulnerability in multiple Rockwell Automation RSLogix products

Trust: 0.8

sources: JVNDB: JVNDB-2016-004818

DESCRIPTION

Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of an RSS (project) file. The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process. These RSLogix products are all configuration software for Rockwell Automation's automation products. A buffer overflow vulnerability exists in several Rockwell Automation products. Failed exploit attempts will result in denial-of-service conditions.

Trust: 3.42

sources: NVD: CVE-2016-5814 // JVNDB: JVNDB-2016-004818 // ZDI: ZDI-16-518 // CNVD: CNVD-2016-07735 // BID: 92983 // IVD: fc29ead5-4181-4904-b10f-3ea7c6b0f22e // VULHUB: VHN-94633 // VULMON: CVE-2016-5814

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: fc29ead5-4181-4904-b10f-3ea7c6b0f22e // CNVD: CNVD-2016-07735

AFFECTED PRODUCTS

vendor: rockwellautomation // model: rslogix 500 starter edition // scope: eq // version: -

Trust: 1.6

vendor: rockwellautomation // model: rslogix micro developer // scope: eq // version: -

Trust: 1.6

vendor: rockwellautomation // model: rslogix 500 standard edition // scope: eq // version: -

Trust: 1.6

vendor: rockwellautomation // model: rslogix micro starter lite // scope: eq // version: -

Trust: 1.6

vendor: rockwellautomation // model: rslogix 500 professional edition // scope: eq // version: -

Trust: 1.6

vendor: rockwell automation // model: rslogix micro starter lite // scope: - // version: -

Trust: 1.5

vendor: rockwell // model: automation rslogix professional edition // scope: eq // version: 5000

Trust: 0.9

vendor: rockwell // model: automation rslogix standard edition // scope: eq // version: 5000

Trust: 0.9

vendor: rockwell // model: automation rslogix starter edition // scope: eq // version: 5000

Trust: 0.9

vendor: rockwell // model: automation rslogix micro developer // scope: eq // version: 0

Trust: 0.9

vendor: rockwell // model: automation rslogix micro starter lite // scope: eq // version: 0

Trust: 0.9

vendor: rockwell automation // model: rslogix 500 professional edition // scope: - // version: -

Trust: 0.8

vendor: rockwell automation // model: rslogix 500 standard edition // scope: - // version: -

Trust: 0.8

vendor: rockwell automation // model: rslogix 500 starter edition // scope: - // version: -

Trust: 0.8

vendor: rockwell automation // model: rslogix micro developer // scope: - // version: -

Trust: 0.8

vendor: rockwell // model: automation rslogix micro starter lite // scope: ne // version: 8.40

Trust: 0.3

vendor: rockwell // model: automation rslogix micro developer // scope: ne // version: 8.40

Trust: 0.3

vendor: rockwell // model: automation rslogix starter edition // scope: ne // version: 5008.40

Trust: 0.3

vendor: rockwell // model: automation rslogix standard edition // scope: ne // version: 5008.40

Trust: 0.3

vendor: rockwell // model: automation rslogix professional edition // scope: ne // version: 5008.40

Trust: 0.3

vendor: rslogix 500 professional edition // model: - // scope: eq // version: -

Trust: 0.2

vendor: rslogix 500 standard edition // model: - // scope: eq // version: -

Trust: 0.2

vendor: rslogix 500 starter edition // model: - // scope: eq // version: -

Trust: 0.2

vendor: rslogix micro developer // model: - // scope: eq // version: -

Trust: 0.2

vendor: rslogix micro starter lite // model: - // scope: eq // version: -

Trust: 0.2

sources: IVD: fc29ead5-4181-4904-b10f-3ea7c6b0f22e // ZDI: ZDI-16-518 // CNVD: CNVD-2016-07735 // BID: 92983 // JVNDB: JVNDB-2016-004818 // CNNVD: CNNVD-201609-341 // NVD: CVE-2016-5814

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5814
value: HIGH

Trust: 1.0

NVD: CVE-2016-5814
value: HIGH

Trust: 0.8

ZDI: CVE-2016-5814
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2016-07735
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201609-341
value: CRITICAL

Trust: 0.6

IVD: fc29ead5-4181-4904-b10f-3ea7c6b0f22e
value: CRITICAL

Trust: 0.2

VULHUB: VHN-94633
value: HIGH

Trust: 0.1

VULMON: CVE-2016-5814
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-5814
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2016-5814
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2016-07735
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: fc29ead5-4181-4904-b10f-3ea7c6b0f22e
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-94633
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-5814
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: IVD: fc29ead5-4181-4904-b10f-3ea7c6b0f22e // ZDI: ZDI-16-518 // CNVD: CNVD-2016-07735 // VULHUB: VHN-94633 // VULMON: CVE-2016-5814 // JVNDB: JVNDB-2016-004818 // CNNVD: CNNVD-201609-341 // NVD: CVE-2016-5814

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-94633 // JVNDB: JVNDB-2016-004818 // NVD: CVE-2016-5814

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-341

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: fc29ead5-4181-4904-b10f-3ea7c6b0f22e // CNNVD: CNNVD-201609-341

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004818

PATCH

title: Top Page // url: http://www.rockwellautomation.com/ja_JP/overview.page

Trust: 0.8

title: Rockwell Automation has issued an update to correct this vulnerability. // url: https://ics-cert.us-cert.gov/advisories/ICSA-16-224-02

Trust: 0.7

title: Patches for multiple Rockwell Automation product buffer overflow vulnerabilities // url: https://www.cnvd.org.cn/patchInfo/show/81521

Trust: 0.6

title: Multiple Rockwell Automation Product Buffer Overflow Vulnerability Fix // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64141

Trust: 0.6

sources: ZDI: ZDI-16-518 // CNVD: CNVD-2016-07735 // JVNDB: JVNDB-2016-004818 // CNNVD: CNNVD-201609-341

EXTERNAL IDS

db: NVD // id: CVE-2016-5814

Trust: 4.4

db: ICS CERT // id: ICSA-16-224-02

Trust: 3.5

db: BID // id: 92983

Trust: 2.1

db: ZDI // id: ZDI-16-518

Trust: 1.0

db: CNNVD // id: CNNVD-201609-341

Trust: 0.9

db: CNVD // id: CNVD-2016-07735

Trust: 0.8

db: JVNDB // id: JVNDB-2016-004818

Trust: 0.8

db: ZDI_CAN // id: ZDI-CAN-3793

Trust: 0.7

db: IVD // id: FC29EAD5-4181-4904-B10F-3EA7C6B0F22E

Trust: 0.2

db: VULHUB // id: VHN-94633

Trust: 0.1

db: VULMON // id: CVE-2016-5814

Trust: 0.1

sources: IVD: fc29ead5-4181-4904-b10f-3ea7c6b0f22e // ZDI: ZDI-16-518 // CNVD: CNVD-2016-07735 // VULHUB: VHN-94633 // VULMON: CVE-2016-5814 // BID: 92983 // JVNDB: JVNDB-2016-004818 // CNNVD: CNNVD-201609-341 // NVD: CVE-2016-5814

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-224-02

Trust: 4.3

url:http://www.securityfocus.com/bid/92983

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5814

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5814

Trust: 0.8

url:http://www.rockwellautomation.com/

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-16-518/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=48921

Trust: 0.1

sources: ZDI: ZDI-16-518 // CNVD: CNVD-2016-07735 // VULHUB: VHN-94633 // VULMON: CVE-2016-5814 // BID: 92983 // JVNDB: JVNDB-2016-004818 // CNNVD: CNNVD-201609-341 // NVD: CVE-2016-5814

CREDITS

Ariele Caltabiano [kimiya]

Trust: 0.7

sources: ZDI: ZDI-16-518

SOURCES

db: IVD // id: fc29ead5-4181-4904-b10f-3ea7c6b0f22e
db: ZDI // id: ZDI-16-518
db: CNVD // id: CNVD-2016-07735
db: VULHUB // id: VHN-94633
db: VULMON // id: CVE-2016-5814
db: BID // id: 92983
db: JVNDB // id: JVNDB-2016-004818
db: CNNVD // id: CNNVD-201609-341
db: NVD // id: CVE-2016-5814

LAST UPDATE DATE

2025-04-13T23:36:24.174000+00:00


SOURCES UPDATE DATE

db: ZDI // id: ZDI-16-518 // date: 2016-09-19T00:00:00
db: CNVD // id: CNVD-2016-07735 // date: 2016-09-20T00:00:00
db: VULHUB // id: VHN-94633 // date: 2016-11-28T00:00:00
db: VULMON // id: CVE-2016-5814 // date: 2016-11-28T00:00:00
db: BID // id: 92983 // date: 2016-09-21T13:00:00
db: JVNDB // id: JVNDB-2016-004818 // date: 2016-09-26T00:00:00
db: CNNVD // id: CNNVD-201609-341 // date: 2016-09-19T00:00:00
db: NVD // id: CVE-2016-5814 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD // id: fc29ead5-4181-4904-b10f-3ea7c6b0f22e // date: 2016-09-20T00:00:00
db: ZDI // id: ZDI-16-518 // date: 2016-09-19T00:00:00
db: CNVD // id: CNVD-2016-07735 // date: 2016-09-20T00:00:00
db: VULHUB // id: VHN-94633 // date: 2016-09-19T00:00:00
db: VULMON // id: CVE-2016-5814 // date: 2016-09-19T00:00:00
db: BID // id: 92983 // date: 2016-09-15T00:00:00
db: JVNDB // id: JVNDB-2016-004818 // date: 2016-09-26T00:00:00
db: CNNVD // id: CNNVD-201609-341 // date: 2016-09-19T00:00:00
db: NVD // id: CVE-2016-5814 // date: 2016-09-19T01:59:05.133