CVE-2012-6437 in ControlLogix controllersinfo

Summary

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

12/26/2012

Disclosure

01/24/2013

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-287

CVSS

10.0

EPSS

0.11818

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-6437
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-6437
CVE Details	https://www.cvedetails.com/cve/CVE-2012-6437/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!