How severe is CVE-2012-6435?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Rockwell Automation 1756-enbt, 1756-eweb, 1768-enbt, 1768-eweb Communication Modules

CVE-2012-6435

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a Do…

EPSS: 0.419 (98.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Rockwell Automation 1756-enbt, 1756-eweb, 1768-enbt, 1768-eweb Communication Modules — versions All
Rockwell Automation 1788-enbt Flexlogix Adapter — versions All
Rockwell Automation 1794-aentr Flex I/o Ethernet/ip Adapter — versions All
Rockwell Automation Compactlogix And Softlogix Controllers — versions 0
Rockwell Automation Compactlogix L32e And L35e Controllers — versions All
Rockwell Automation Controllogix And Guardlogix Controllers — versions 0
Rockwell Automation Controllogix, Compactlogix, Guardlogix, And Softlogix — versions 0
Rockwell Automation Micrologix — versions 1400, 1100
Rockwellautomation 1756-enbt
Rockwellautomation 1756-eweb

Weakness classification (CWE)

References

ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
af854a3a-2127-422b-91ae-364da2661108 (US Government Resource)

Frequently asked questions

What is CVE-2012-6435?: CVE-2012-6435 is a high-severity vulnerability in Rockwell Automation 1756-enbt, 1756-eweb, 1768-enbt, 1768-eweb Communication Modules, classified under Improper Access Control. CVSS score: 7.5/10. Published 2013-01-24.
How severe is CVE-2012-6435?: High severity. CVSS v3 base score is 7.5 out of 10.