Description
RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field.
Exploits (1)
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69808
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8383
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49608
Exploit x_refsource_misc
http://aluigi.altervista.org/adv/rslogix_1-adv.txt
Scores
EPSS
0.0023
EPSS Percentile
45.8%
Details
CWE
CWE-119
Status
published
Products (1)
rockwellautomation/rslogix
< 19
Published
Sep 16, 2011
Tracked Since
Feb 18, 2026