CVE-2012-6441 in ControlLogix controllersinfo

Summary

by MITRE

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to obtain sensitive information via a crafted CIP packet.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/01/2025

The vulnerability identified as CVE-2012-6441 affects Rockwell Automation EtherNet/IP products across multiple controller and communication module families including 1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB, CompactLogix L32E and L35E controllers, 1788-ENBT FLEXLogix adapter, 1794-AENTR FLEX I/O EtherNet/IP adapter, and various ControlLogix, CompactLogix, GuardLogix, and SoftLogix controllers from generations 18 and earlier through version 19. This flaw resides in the EtherNet/IP communication protocol implementation within these industrial control systems, specifically in how they process Common Industrial Protocol (CIP) packets. The vulnerability represents a significant security weakness that allows remote attackers to extract sensitive information from affected devices without requiring authentication or physical access to the network infrastructure.

The technical flaw manifests through improper input validation and insufficient access controls within the CIP packet processing mechanism. When a specially crafted CIP packet is transmitted to an affected device, the system fails to properly validate the packet structure and content, leading to information disclosure vulnerabilities. This type of vulnerability maps directly to CWE-200, which describes "Information Exposure," and CWE-284, which addresses "Improper Access Control." The vulnerability allows attackers to potentially extract configuration data, operational parameters, and other sensitive information that should remain confidential within industrial control systems. The attack vector is particularly concerning as it operates over the network without requiring any credentials, making it accessible to adversaries who may only have network visibility.

The operational impact of this vulnerability extends beyond simple information disclosure, as it can enable more sophisticated attacks within industrial environments. Attackers who successfully exploit this vulnerability can gain insights into system configurations, network topology, and operational parameters that could facilitate subsequent attacks. This information could be used to plan targeted attacks against specific control systems, identify system weaknesses, or develop more advanced exploitation techniques. The vulnerability particularly affects critical infrastructure sectors including manufacturing, energy, and process control environments where these Rockwell Automation devices are commonly deployed. According to ATT&CK framework, this vulnerability aligns with T1082 "System Information Discovery" and T1590 "Reconnaissance" tactics, as it enables adversaries to gather system information that would normally require more invasive techniques.

Organizations should implement immediate mitigations including network segmentation to isolate affected devices from general network traffic, deployment of network monitoring solutions to detect anomalous CIP packet patterns, and regular firmware updates from Rockwell Automation when available. The vulnerability highlights the importance of secure industrial protocol implementation and proper input validation within critical infrastructure systems. Network administrators should also consider implementing intrusion detection systems specifically tuned to detect malformed CIP packets and monitor for unusual information disclosure patterns. Given the long lifecycle of industrial control systems, organizations should conduct comprehensive vulnerability assessments across their entire industrial control network to identify all potentially affected devices and implement appropriate security controls to prevent exploitation of this and similar vulnerabilities.

Reservation

12/26/2012

Disclosure

01/24/2013

Moderation

accepted

Entry

VDB-63422

CPE

ready

EPSS

0.54168

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!