Buffer overflow in Rockwellautomation 1768_compact_guardlogix_l4xs_controller
CVE-2016-9343
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protoc…
Vulnerability class: Buffer Overflow
EPSS: 0.105 (95.2th percentile)
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Rockwellautomation 1768_compact_guardlogix_l4xs_controller
- Rockwellautomation 1768_compact_guardlogix_l4xs_controller_firmware — versions 18.00, 19.00, 20.00
- Rockwellautomation 1768_compactlogix_l4x_controller
- Rockwellautomation 1768_compactlogix_l4x_controller_firmware — versions 16.00, 16.020, 16.025
- Rockwellautomation 1769_compactlogix_5370_l1_controller
- Rockwellautomation 1769_compactlogix_5370_l1_controller_firmware — versions 20.00, 20.010, 20.013
- Rockwellautomation 1769_compactlogix_5370_l2_controller
- Rockwellautomation 1769_compactlogix_5370_l2_controller_firmware — versions 20.00, 20.010, 20.013
- Rockwellautomation 1769_compactlogix_5370_l3_controller
- Rockwellautomation 1769_compactlogix_5370_l3_controller_firmware — versions 20.00, 20.010, 20.013
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)
- ics-cert@hq.dhs.gov (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2016-9343?
  - CVE-2016-9343 is a critical-severity vulnerability in Rockwellautomation 1768_compact_guardlogix_l4xs_controller, classified under Out-of-bounds Write. CVSS score: 10.0/10. Published 2017-02-13.
- How severe is CVE-2016-9343?
  - Critical severity. CVSS v3 base score is 10.0 out of 10.