CVE-2016-5814
HIGH
Rockwell Automation RSLogix - Remote Code Execution via Crafted RSS Project File
Title source: llm
Description
Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file.
References (2)
Core References
Mitigation, Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-224-02
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92983
Scores
CVSS v3
8.6
EPSS
0.0084
EPSS Percentile
74.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (5)
rockwellautomation/rslogix_500_professional_edition
rockwellautomation/rslogix_500_standard_edition
rockwellautomation/rslogix_500_starter_edition
rockwellautomation/rslogix_micro_developer
rockwellautomation/rslogix_micro_starter_lite
Published
Sep 19, 2016
Tracked Since
Feb 18, 2026