Rockwell Automation RSLinx Classic < 3.73 Arbitrary Code Execution

medium Nessus Network Monitor Plugin ID 720181

Synopsis

Rockwell Automation RSLinx Classic allows remote attackers to execute arbitrary code.

Description

Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file.

Solution

Perform vendor-recommended mitigations and apply available vendor upgrades.

See Also

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646324

https://ics-cert.us-cert.gov/advisories/ICSA-15-111-02

Plugin Details

Severity: Medium

ID: 720181

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 5/7/2015

Vulnerability Publication Date: 5/7/2015

Reference Information

CVE: CVE-2014-9204