APP: Rockwell Automation RSLinx Classic Forward Open Electronic Key Stack Buffer Overflow
This signature detects attempts to exploit a known vulnerability against Rockwell Automation RSLinx Classic. The vulnerability is due to a flaw in the module that processes CIP SendRRData messages with overly large size field within the Electronic Key segment in the Connection Path. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted packet to the vulnerable service. Successful exploitation could lead to buffer overflow or crash of the vulnerable application.
Extended Description
A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an attacker to exploit a stack-based buffer overflow condition.
Affected Products
Rockwellautomation rslinx
References
CVE: CVE-2019-6553
Short Name
APP:MISC:RKWL-RRDATA-OF
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
Automation Buffer CVE-2019-6553 Classic Electronic Forward Key Open Overflow RSLinx Rockwell Stack
Release Date
03/14/2019
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Rockwellautomation
CVSS Score
7.5