APP: Rockwell Automation RSLinx Classic CIP SendRRData CVE-2018-14821 Heap Buffer Overflow

This signature detects attempts to exploit a known vulnerability against Rockwell Automation RSLinx Classic. Successful exploitation could lead to buffer overflow or crash of the vulnerable application.

Extended Description

Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality.

Affected Products

Rockwellautomation rslinx

Short Name
APP:CVE-2018-14821-BO
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
Automation Buffer CIP CVE-2018-14821 Classic Heap Overflow RSLinx Rockwell SendRRData
Release Date
02/25/2019
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3337
False Positive
Unknown
Vendors

Rockwellautomation

CVSS Score

5.0

Found a potential security threat?