Details of VAR-201904-0183

ID

VAR-201904-0183

CVE

CVE-2019-6553

TITLE

Rockwell Automation RSLinx Classic Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-003130 // CNNVD: CNNVD-201903-091

DESCRIPTION

A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an attacker to exploit a stack-based buffer overflow condition. Rockwell Automation RSLinx Classic Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The program supports access to RockwellSoftware and Allen-Bradley applications via Allen-Bradley programmable controllers. A stack buffer overflow vulnerability exists in the .dll file in Rockwell Automation RSLinx Classic 4.10.00 and earlier, which can be exploited by remote attackers to execute code on target devices. RSLinx Classic is prone to a local stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Attackers can exploit this issue to execute arbitrary code with elevated privileges. Failed exploit attempts will likely cause denial-of-service conditions

Trust: 2.79

sources: NVD: CVE-2019-6553 // JVNDB: JVNDB-2019-003130 // CNVD: CNVD-2019-06356 // BID: 107293 // IVD: 22340a40-c1fc-4b6b-bb8d-0796bed11007 // VULHUB: VHN-157988 // VULMON: CVE-2019-6553

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 22340a40-c1fc-4b6b-bb8d-0796bed11007 // CNVD: CNVD-2019-06356

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	rslinx	scope:	lte	version:	4.10.00	Trust: 1.0
vendor:	rockwell automation	model:	rslinx classic	scope:	lte	version:	4.10.00	Trust: 0.8
vendor:	rockwell	model:	automation rslinx classic	scope:	lte	version:	<=4.10.00	Trust: 0.6
vendor:	rockwell	model:	automation rslinx classic	scope:	eq	version:	4.10.00	Trust: 0.3
vendor:	rockwell	model:	automation rslinx classic	scope:	eq	version:	4.00.01	Trust: 0.3
vendor:	rockwell	model:	automation rslinx classic	scope:	eq	version:	3.90.01	Trust: 0.3
vendor:	rockwell	model:	automation rslinx classic	scope:	eq	version:	3.73.00	Trust: 0.3
vendor:	rockwell	model:	automation rslinx classic	scope:	eq	version:	3.72.00	Trust: 0.3
vendor:	rockwell	model:	automation rslinx classic	scope:	eq	version:	1.0.5.1	Trust: 0.3
vendor:	rslinx	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 22340a40-c1fc-4b6b-bb8d-0796bed11007 // CNVD: CNVD-2019-06356 // BID: 107293 // JVNDB: JVNDB-2019-003130 // NVD: CVE-2019-6553

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6553
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-6553
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-06356
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201903-091
value:	CRITICAL
Trust: 0.6
IVD:	22340a40-c1fc-4b6b-bb8d-0796bed11007
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-157988
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-6553
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-6553
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-06356
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	22340a40-c1fc-4b6b-bb8d-0796bed11007
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-157988
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6553
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6553
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 22340a40-c1fc-4b6b-bb8d-0796bed11007 // CNVD: CNVD-2019-06356 // VULHUB: VHN-157988 // VULMON: CVE-2019-6553 // JVNDB: JVNDB-2019-003130 // CNNVD: CNNVD-201903-091 // NVD: CVE-2019-6553

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-157988 // JVNDB: JVNDB-2019-003130 // NVD: CVE-2019-6553

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-091

TYPE

Buffer error

Trust: 0.8

sources: IVD: 22340a40-c1fc-4b6b-bb8d-0796bed11007 // CNNVD: CNNVD-201903-091

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003130

PATCH

title:	FACTORYTALK LINX (RSLinx Classic)	url:	https://www.rockwellautomation.com/rockwellsoftware/products/rslinx.page	Trust: 0.8
title:	Patch for Rockwell Automation RSLinx Classic Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/155351	Trust: 0.6
title:	Rockwell Automation RSLinx Classic Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89761	Trust: 0.6

sources: CNVD: CNVD-2019-06356 // JVNDB: JVNDB-2019-003130 // CNNVD: CNNVD-201903-091

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6553	Trust: 3.7
db:	ICS CERT	id:	ICSA-19-064-01	Trust: 3.5
db:	AUSCERT	id:	ESB-2019.0684	Trust: 1.2
db:	BID	id:	107293	Trust: 1.1
db:	CNNVD	id:	CNNVD-201903-091	Trust: 0.9
db:	CNVD	id:	CNVD-2019-06356	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-003130	Trust: 0.8
db:	NSFOCUS	id:	47151	Trust: 0.6
db:	IVD	id:	22340A40-C1FC-4B6B-BB8D-0796BED11007	Trust: 0.2
db:	VULHUB	id:	VHN-157988	Trust: 0.1
db:	VULMON	id:	CVE-2019-6553	Trust: 0.1

sources: IVD: 22340a40-c1fc-4b6b-bb8d-0796bed11007 // CNVD: CNVD-2019-06356 // VULHUB: VHN-157988 // VULMON: CVE-2019-6553 // BID: 107293 // JVNDB: JVNDB-2019-003130 // CNNVD: CNNVD-201903-091 // NVD: CVE-2019-6553

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-064-01	Trust: 3.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6553	Trust: 1.4
url:	https://www.securityfocus.com/bid/107293	Trust: 1.3
url:	https://www.auscert.org.au/bulletins/76510	Trust: 1.2
url:	http://www.rockwellautomation.com/rockwellsoftware/design/rslinx/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6553	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47151	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-06356 // VULHUB: VHN-157988 // VULMON: CVE-2019-6553 // BID: 107293 // JVNDB: JVNDB-2019-003130 // CNNVD: CNNVD-201903-091 // NVD: CVE-2019-6553

CREDITS

Rockwell Automation (working with Tenable),Rockwell Automation (working with Tenable) reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-201903-091

SOURCES

db:	IVD	id:	22340a40-c1fc-4b6b-bb8d-0796bed11007
db:	CNVD	id:	CNVD-2019-06356
db:	VULHUB	id:	VHN-157988
db:	VULMON	id:	CVE-2019-6553
db:	BID	id:	107293
db:	JVNDB	id:	JVNDB-2019-003130
db:	CNNVD	id:	CNNVD-201903-091
db:	NVD	id:	CVE-2019-6553

LAST UPDATE DATE

2024-11-23T21:37:33.243000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-06356	date:	2019-03-06T00:00:00
db:	VULHUB	id:	VHN-157988	date:	2020-10-06T00:00:00
db:	VULMON	id:	CVE-2019-6553	date:	2020-10-06T00:00:00
db:	BID	id:	107293	date:	2019-03-05T00:00:00
db:	JVNDB	id:	JVNDB-2019-003130	date:	2019-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201903-091	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-6553	date:	2024-11-21T04:46:40.983

SOURCES RELEASE DATE

db:	IVD	id:	22340a40-c1fc-4b6b-bb8d-0796bed11007	date:	2019-03-06T00:00:00
db:	CNVD	id:	CNVD-2019-06356	date:	2019-03-06T00:00:00
db:	VULHUB	id:	VHN-157988	date:	2019-04-04T00:00:00
db:	VULMON	id:	CVE-2019-6553	date:	2019-04-04T00:00:00
db:	BID	id:	107293	date:	2019-03-05T00:00:00
db:	JVNDB	id:	JVNDB-2019-003130	date:	2019-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201903-091	date:	2019-03-05T00:00:00
db:	NVD	id:	CVE-2019-6553	date:	2019-04-04T19:29:01.727