ID

VAR-201903-0602


CVE

CVE-2013-2806


TITLE

RSLinx Enterprise 'LogReceiver.exe' Integer Overflow Denial of Service Vulnerability

Trust: 1.1

sources: IVD: 01ab868c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13663 // BID: 62878

DESCRIPTION

Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly, which results in a logic error when it calculates an incorrect value for the “End of Current Record” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size.” The service will then calculate an incorrect value for the “End of Current Record” field, causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599.

Rockwell Automation RSLinx Enterprise software (LogReceiver.exe) contains an integer overflow vulnerability. A denial-of-service (DoS) condition may result.

RSLinx Enterprise is a standard OPC server software that bridges the communication between RSView Server and PLC. The service crashes and needs to be restarted to restore normal service.

RSLinx Enterprise is prone to a remote denial-of-service vulnerability because it fails to properly bounds-check user-supplied data. An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. The following versions are vulnerable: RSLinx Enterprise CPR9, RSLinx Enterprise CPR9-SR1, RSLinx Enterprise CPR9-SR2, RSLinx Enterprise CPR9-SR3, RSLinx Enterprise CPR9-SR4, RSLinx Enterprise CPR9-SR5, RSLinx Enterprise CPR9-SR5.1, RSLinx Enterprise CPR9-SR6.

This software can establish communication links for Allen-Bradley (AB) programmable controllers, various Rockwell software, and AB application software. The following products and versions are affected: Rockwell Automation RSLinx Enterprise Version 5.10.00, Version 5.10.01, Version 5.20.00, Version 5.21.00, Version 5.30.00, Version 5.40.00, Version 5.50.00, Version 5.51.00, Version 5.60.00.

Trust: 2.7

sources: NVD: CVE-2013-2806 // JVNDB: JVNDB-2013-006840 // CNVD: CNVD-2013-13663 // BID: 62878 // IVD: 01ab868c-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-62808

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 01ab868c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13663

AFFECTED PRODUCTS

vendor: rockwellautomation, model: rslinx enterprise, scope: eq, version: 5.30.00

Trust: 1.0

vendor: rockwellautomation, model: rslinx enterprise, scope: eq, version: 5.10.01

Trust: 1.0

vendor: rockwellautomation, model: rslinx enterprise, scope: eq, version: 5.10.00

Trust: 1.0

vendor: rockwellautomation, model: rslinx enterprise, scope: eq, version: 5.20.00

Trust: 1.0

vendor: rockwellautomation, model: rslinx enterprise, scope: eq, version: 5.60.00

Trust: 1.0

vendor: rockwellautomation, model: rslinx enterprise, scope: eq, version: 5.40.00

Trust: 1.0

vendor: rockwellautomation, model: rslinx enterprise, scope: eq, version: 5.50.00

Trust: 1.0

vendor: rockwellautomation, model: rslinx enterprise, scope: eq, version: 5.51.00

Trust: 1.0

vendor: rockwellautomation, model: rslinx enterprise, scope: eq, version: 5.21.00

Trust: 1.0

vendor: rockwell automation, model: rslinx enterprise, scope: eq, version: cpr9

Trust: 0.8

vendor: rockwell automation, model: rslinx enterprise, scope: eq, version: cpr9-sr1

Trust: 0.8

vendor: rockwell automation, model: rslinx enterprise, scope: eq, version: cpr9-sr2

Trust: 0.8

vendor: rockwell automation, model: rslinx enterprise, scope: eq, version: cpr9-sr3

Trust: 0.8

vendor: rockwell automation, model: rslinx enterprise, scope: eq, version: cpr9-sr4

Trust: 0.8

vendor: rockwell automation, model: rslinx enterprise, scope: eq, version: cpr9-sr5

Trust: 0.8

vendor: rockwell automation, model: rslinx enterprise, scope: eq, version: cpr9-sr5.1

Trust: 0.8

vendor: rockwell automation, model: rslinx enterprise, scope: eq, version: cpr9-sr6

Trust: 0.8

vendor: rockwell, model: software rslinx enterprise cpr9, scope: -, version: -

Trust: 0.6

vendor: rockwell, model: software rslinx enterprise cpr9-srx, scope: -, version: -

Trust: 0.6

vendor: rockwell, model: automation rslinx enterprise cpr9-sr6, scope: -, version: -

Trust: 0.3

vendor: rockwell, model: automation rslinx enterprise cpr9-sr5.1, scope: -, version: -

Trust: 0.3

vendor: rockwell, model: automation rslinx enterprise cpr9-sr5, scope: -, version: -

Trust: 0.3

vendor: rockwell, model: automation rslinx enterprise cpr9-sr4, scope: -, version: -

Trust: 0.3

vendor: rockwell, model: automation rslinx enterprise cpr9-sr3, scope: -, version: -

Trust: 0.3

vendor: rockwell, model: automation rslinx enterprise cpr9-sr2, scope: -, version: -

Trust: 0.3

vendor: rockwell, model: automation rslinx enterprise cpr9-sr1, scope: -, version: -

Trust: 0.3

vendor: rockwell, model: automation rslinx enterprise cpr9, scope: -, version: -

Trust: 0.3

vendor: rslinx, model: -, scope: eq, version: 5.10.00

Trust: 0.2

vendor: rslinx, model: -, scope: eq, version: 5.10.01

Trust: 0.2

vendor: rslinx, model: -, scope: eq, version: 5.20.00

Trust: 0.2

vendor: rslinx, model: -, scope: eq, version: 5.21.00

Trust: 0.2

vendor: rslinx, model: -, scope: eq, version: 5.30.00

Trust: 0.2

vendor: rslinx, model: -, scope: eq, version: 5.40.00

Trust: 0.2

vendor: rslinx, model: -, scope: eq, version: 5.50.00

Trust: 0.2

vendor: rslinx, model: -, scope: eq, version: 5.51.00

Trust: 0.2

vendor: rslinx, model: -, scope: eq, version: 5.60.00

Trust: 0.2

sources: IVD: 01ab868c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13663 // BID: 62878 // JVNDB: JVNDB-2013-006840 // NVD: CVE-2013-2806

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2806
value: HIGH

Trust: 1.0

NVD: CVE-2013-2806
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-13663
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201310-254
value: HIGH

Trust: 0.6

IVD: 01ab868c-2353-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-62808
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-2806
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13663
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 01ab868c-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-62808
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2013-2806
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 01ab868c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13663 // VULHUB: VHN-62808 // JVNDB: JVNDB-2013-006840 // CNNVD: CNNVD-201310-254 // NVD: CVE-2013-2806

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.9

sources: VULHUB: VHN-62808 // JVNDB: JVNDB-2013-006840 // NVD: CVE-2013-2806

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-254

TYPE

Input validation error

Trust: 1.1

sources: IVD: 01ab868c-2353-11e6-abef-000c29c66e3d // BID: 62878 // CNNVD: CNNVD-201310-254

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006840

PATCH

title: Top Page, url: http://www.rockwellautomation.com/

Trust: 0.8

title: RSLinx Enterprise 'LogReceiver.exe' Patch for Integer Overflow Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/40159

Trust: 0.6

sources: CNVD: CNVD-2013-13663 // JVNDB: JVNDB-2013-006840

EXTERNAL IDS

db: NVD, id: CVE-2013-2806

Trust: 3.6

db: ICS CERT, id: ICSA-13-095-02

Trust: 2.5

db: BID, id: 62878

Trust: 1.0

db: CNNVD, id: CNNVD-201310-254

Trust: 0.9

db: ICS CERT, id: ICSA-13-095-02A

Trust: 0.9

db: CNVD, id: CNVD-2013-13663

Trust: 0.8

db: JVNDB, id: JVNDB-2013-006840

Trust: 0.8

db: IVD, id: 01AB868C-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-62808

Trust: 0.1

sources: IVD: 01ab868c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13663 // VULHUB: VHN-62808 // BID: 62878 // JVNDB: JVNDB-2013-006840 // CNNVD: CNNVD-201310-254 // NVD: CVE-2013-2806

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-13-095-02

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-2806

Trust: 1.4

url:http://ics-cert.us-cert.gov/advisories/icsa-13-095-02a

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2806

Trust: 0.8

url:http://www.rockwellautomation.com/rockwellsoftware/design/rslinx/

Trust: 0.3

sources: CNVD: CNVD-2013-13663 // VULHUB: VHN-62808 // BID: 62878 // JVNDB: JVNDB-2013-006840 // CNNVD: CNNVD-201310-254 // NVD: CVE-2013-2806

CREDITS

Carsten Eiram of Risk Based Security.

Trust: 0.9

sources: BID: 62878 // CNNVD: CNNVD-201310-254

SOURCES

db: IVD, id: 01ab868c-2353-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-13663
db: VULHUB, id: VHN-62808
db: BID, id: 62878
db: JVNDB, id: JVNDB-2013-006840
db: CNNVD, id: CNNVD-201310-254
db: NVD, id: CVE-2013-2806

LAST UPDATE DATE

2024-08-14T14:06:48.501000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-13663, date: 2013-10-12T00:00:00
db: VULHUB, id: VHN-62808, date: 2020-02-10T00:00:00
db: BID, id: 62878, date: 2013-10-07T00:00:00
db: JVNDB, id: JVNDB-2013-006840, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201310-254, date: 2020-05-29T00:00:00
db: NVD, id: CVE-2013-2806, date: 2020-02-10T21:24:37.560

SOURCES RELEASE DATE

db: IVD, id: 01ab868c-2353-11e6-abef-000c29c66e3d, date: 2013-10-12T00:00:00
db: CNVD, id: CNVD-2013-13663, date: 2013-10-12T00:00:00
db: VULHUB, id: VHN-62808, date: 2019-03-26T00:00:00
db: BID, id: 62878, date: 2013-10-07T00:00:00
db: JVNDB, id: JVNDB-2013-006840, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201310-254, date: 2013-10-17T00:00:00
db: NVD, id: CVE-2013-2806, date: 2019-03-26T17:29:00.247