Sign-up

ID

VAR-201903-0603


CVE

CVE-2013-2807


TITLE

RSLinx Enterprise 'LogReceiver.exe' Integer Overflow Remote Denial of Service Vulnerability

Trust: 0.8

sources: IVD: 01a2d15e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13664

DESCRIPTION

Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599. Rockwell Automation RSLinx Enterprise software (LogReceiver.exe) Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. RSLinx Enterprise is a standard OPC server software that bridges the communication between RSView Server and PLC. RSLinx Enterprise is prone to a remote denial-of-service vulnerability because it fails to properly bounds-check user-supplied data. An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. The following versions are vulnerable: RSLinx Enterprise CPR9 RSLinx Enterprise CPR9-SR1 RSLinx Enterprise CPR9-SR2 RSLinx Enterprise CPR9-SR3 RSLinx Enterprise CPR9-SR4 RSLinx Enterprise CPR9-SR5 RSLinx Enterprise CPR9-SR5.1 RSLinx Enterprise CPR9-SR6. This software can establish communication links for Allen-Bradley (AB) programmable controllers, various Rockwell software, and AB application software. A buffer error vulnerability exists in Rockwell Automation RSLinx Enterprise due to improper bounds checking of user-submitted data. The following products and versions are affected: Rockwell Automation RSLinx Enterprise Version 5.10.00, Version 5.10.01, Version 5.20.00, Version 5.21.00, Version 5.30.00, Version 5.40.00, Version 5.50.00, Version 5.51.00 , version 5.60.00

Trust: 2.7

sources: NVD: CVE-2013-2807 // JVNDB: JVNDB-2013-006841 // CNVD: CNVD-2013-13664 // BID: 62880 // IVD: 01a2d15e-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-62809

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 01a2d15e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13664

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:rslinx enterprisescope:eqversion:5.30.00

Trust: 1.0

vendor:rockwellautomationmodel:rslinx enterprisescope:eqversion:5.10.01

Trust: 1.0

vendor:rockwellautomationmodel:rslinx enterprisescope:eqversion:5.10.00

Trust: 1.0

vendor:rockwellautomationmodel:rslinx enterprisescope:eqversion:5.20.00

Trust: 1.0

vendor:rockwellautomationmodel:rslinx enterprisescope:eqversion:5.60.00

Trust: 1.0

vendor:rockwellautomationmodel:rslinx enterprisescope:eqversion:5.40.00

Trust: 1.0

vendor:rockwellautomationmodel:rslinx enterprisescope:eqversion:5.50.00

Trust: 1.0

vendor:rockwellautomationmodel:rslinx enterprisescope:eqversion:5.51.00

Trust: 1.0

vendor:rockwellautomationmodel:rslinx enterprisescope:eqversion:5.21.00

Trust: 1.0

vendor:rockwell automationmodel:rslinx enterprisescope:eqversion:cpr9

Trust: 0.8

vendor:rockwell automationmodel:rslinx enterprisescope:eqversion:cpr9-sr1

Trust: 0.8

vendor:rockwell automationmodel:rslinx enterprisescope:eqversion:cpr9-sr2

Trust: 0.8

vendor:rockwell automationmodel:rslinx enterprisescope:eqversion:cpr9-sr3

Trust: 0.8

vendor:rockwell automationmodel:rslinx enterprisescope:eqversion:cpr9-sr4

Trust: 0.8

vendor:rockwell automationmodel:rslinx enterprisescope:eqversion:cpr9-sr5

Trust: 0.8

vendor:rockwell automationmodel:rslinx enterprisescope:eqversion:cpr9-sr5.1

Trust: 0.8

vendor:rockwell automationmodel:rslinx enterprisescope:eqversion:cpr9-sr6

Trust: 0.8

vendor:rockwellmodel:software rslinx enterprise cpr9scope: - version: -

Trust: 0.6

vendor:rockwellmodel:software rslinx enterprise cpr9-srxscope: - version: -

Trust: 0.6

vendor:rockwellmodel:automation rslinx enterprise cpr9-sr6scope: - version: -

Trust: 0.3

vendor:rockwellmodel:automation rslinx enterprise cpr9-sr5.1scope: - version: -

Trust: 0.3

vendor:rockwellmodel:automation rslinx enterprise cpr9-sr5scope: - version: -

Trust: 0.3

vendor:rockwellmodel:automation rslinx enterprise cpr9-sr4scope: - version: -

Trust: 0.3

vendor:rockwellmodel:automation rslinx enterprise cpr9-sr3scope: - version: -

Trust: 0.3

vendor:rockwellmodel:automation rslinx enterprise cpr9-sr2scope: - version: -

Trust: 0.3

vendor:rockwellmodel:automation rslinx enterprise cpr9-sr1scope: - version: -

Trust: 0.3

vendor:rockwellmodel:automation rslinx enterprise cpr9scope: - version: -

Trust: 0.3

vendor:rslinxmodel: - scope:eqversion:5.10.00

Trust: 0.2

vendor:rslinxmodel: - scope:eqversion:5.10.01

Trust: 0.2

vendor:rslinxmodel: - scope:eqversion:5.20.00

Trust: 0.2

vendor:rslinxmodel: - scope:eqversion:5.21.00

Trust: 0.2

vendor:rslinxmodel: - scope:eqversion:5.30.00

Trust: 0.2

vendor:rslinxmodel: - scope:eqversion:5.40.00

Trust: 0.2

vendor:rslinxmodel: - scope:eqversion:5.50.00

Trust: 0.2

vendor:rslinxmodel: - scope:eqversion:5.51.00

Trust: 0.2

vendor:rslinxmodel: - scope:eqversion:5.60.00

Trust: 0.2

sources: IVD: 01a2d15e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13664 // BID: 62880 // JVNDB: JVNDB-2013-006841 // NVD: CVE-2013-2807

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2807
value: HIGH

Trust: 1.0

NVD: CVE-2013-2807
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-13664
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201310-256
value: HIGH

Trust: 0.6

IVD: 01a2d15e-2353-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-62809
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-2807
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13664
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 01a2d15e-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-62809
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2013-2807
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 01a2d15e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13664 // VULHUB: VHN-62809 // JVNDB: JVNDB-2013-006841 // CNNVD: CNNVD-201310-256 // NVD: CVE-2013-2807

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

problemtype:CWE-190

Trust: 1.0

sources: VULHUB: VHN-62809 // JVNDB: JVNDB-2013-006841 // NVD: CVE-2013-2807

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-256

TYPE

Buffer error

Trust: 0.8

sources: IVD: 01a2d15e-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201310-256

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-006841

PATCH
title:Top Pageurl:http://www.rockwellautomation.com/
Trust: 0.8
title:RSLinx Enterprise 'LogReceiver.exe' Patch for Override Remote Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/40148
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-13664 // 
            
            
            
            JVNDB: JVNDB-2013-006841

EXTERNAL IDS
db:NVDid:CVE-2013-2807
Trust: 3.6
db:ICS CERTid:ICSA-13-095-02
Trust: 2.5
db:BIDid:62880
Trust: 1.0
db:CNNVDid:CNNVD-201310-256
Trust: 0.9
db:ICS CERTid:ICSA-13-095-02A
Trust: 0.9
db:CNVDid:CNVD-2013-13664
Trust: 0.8
db:JVNDBid:JVNDB-2013-006841
Trust: 0.8
db:IVDid:01A2D15E-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-62809
Trust: 0.1
sources:
            
            
            IVD: 01a2d15e-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-13664 // 
            
            
            
            VULHUB: VHN-62809 // 
            
            
            
            BID: 62880 // 
            
            
            
            JVNDB: JVNDB-2013-006841 // 
            
            
            
            CNNVD: CNNVD-201310-256 // 
            
            
            
            NVD: CVE-2013-2807

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-13-095-02
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2013-2807
Trust: 1.4
url:http://ics-cert.us-cert.gov/advisories/icsa-13-095-02a
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2807
Trust: 0.8
url:http://www.rockwellautomation.com/rockwellsoftware/design/rslinx/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-13664 // 
            
            
            
            VULHUB: VHN-62809 // 
            
            
            
            BID: 62880 // 
            
            
            
            JVNDB: JVNDB-2013-006841 // 
            
            
            
            CNNVD: CNNVD-201310-256 // 
            
            
            
            NVD: CVE-2013-2807

CREDITS
Carsten Eiram of Risk Based Security.
Trust: 0.9
sources:
            
            
            BID: 62880 // 
            
            
            
            CNNVD: CNNVD-201310-256

SOURCES
db:IVDid:01a2d15e-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-13664
db:VULHUBid:VHN-62809
db:BIDid:62880
db:JVNDBid:JVNDB-2013-006841
db:CNNVDid:CNNVD-201310-256
db:NVDid:CVE-2013-2807

LAST UPDATE DATE
2024-08-14T14:06:48.459000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-13664date:2013-10-12T00:00:00
db:VULHUBid:VHN-62809date:2020-02-10T00:00:00
db:BIDid:62880date:2013-10-07T00:00:00
db:JVNDBid:JVNDB-2013-006841date:2019-05-09T00:00:00
db:CNNVDid:CNNVD-201310-256date:2020-05-29T00:00:00
db:NVDid:CVE-2013-2807date:2020-02-10T21:24:37.640

SOURCES RELEASE DATE
db:IVDid:01a2d15e-2353-11e6-abef-000c29c66e3ddate:2013-10-12T00:00:00
db:CNVDid:CNVD-2013-13664date:2013-10-12T00:00:00
db:VULHUBid:VHN-62809date:2019-03-26T00:00:00
db:BIDid:62880date:2013-10-07T00:00:00
db:JVNDBid:JVNDB-2013-006841date:2019-05-09T00:00:00
db:CNNVDid:CNNVD-201310-256date:2013-10-17T00:00:00
db:NVDid:CVE-2013-2807date:2019-03-26T17:29:00.310