CVE-2016-9343
CRITICALRockwell Automation Logix5000 <21.00 - Buffer Overflow/DoS
Title source: llmDescription
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95304
Scores
CVSS v3
10.0
EPSS
0.0009
EPSS Percentile
24.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (50)
n/a/Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00
Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00
rockwellautomation/1768_compact_guardlogix_l4xs_controller_firmware
18.00
rockwellautomation/1768_compact_guardlogix_l4xs_controller_firmware
19.00
rockwellautomation/1768_compact_guardlogix_l4xs_controller_firmware
20.00
rockwellautomation/1768_compact_guardlogix_l4xs_controller_firmware
20.011
rockwellautomation/1768_compact_guardlogix_l4xs_controller_firmware
20.013
rockwellautomation/1768_compactlogix_l4x_controller_firmware
16.00
rockwellautomation/1768_compactlogix_l4x_controller_firmware
16.020
rockwellautomation/1768_compactlogix_l4x_controller_firmware
16.025
rockwellautomation/1768_compactlogix_l4x_controller_firmware
17.00
... and 40 more
Published
Feb 13, 2017
Tracked Since
Feb 18, 2026