Detections
Analytics

Rockwell Automation RSLinx Classic <= 4.00.01 Ethernet/IP Packet Triggered Crash (deprecated)

high Nessus Network Monitor Plugin ID 720183

Synopsis

Rockwell Automation RSLinx Classic allows a specially crafted Ethernet/IP packet to cause an application crash.

Description

Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.

Solution

Perform vendor recommended mitigations and apply available vendor upgrades.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02

Plugin Details

Severity: High

ID: 720183

Family: SCADA

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference Information

CVE: CVE-2018-14827