CVE-2016-9343: Buffer Overflow
First published: Mon Feb 13 2017(Updated: )
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwell Automation SoftLogix 5800 Firmware | =18.00 | |
| Rockwell Automation SoftLogix 5800 Firmware | =19.00 | |
| Rockwell Automation SoftLogix 5800 Firmware | =20.00 | |
| Rockwell Automation SoftLogix 5800 Firmware | =21.00 | |
| Rockwell Automation SoftLogix 5800 Controller | ||
| Rockwell Automation RSLogix Emulate 5000 | =18.00 | |
| Rockwell Automation RSLogix Emulate 5000 | =19.00 | |
| Rockwell Automation RSLogix Emulate 5000 | =20.00 | |
| Rockwell Automation RSLogix Emulate 5000 | =21.00 | |
| Rockwell Automation Studio 5000 Logix Emulate | ||
| Rockwell Automation GuardLogix 5570 Controller firmware | =16.00 | |
| Rockwell Automation GuardLogix 5570 Controller firmware | =17.00 | |
| Rockwell Automation GuardLogix 5570 Controller firmware | =18.00 | |
| Rockwell Automation GuardLogix 5570 Controller firmware | =19.00 | |
| Rockwell Automation GuardLogix 5570 Controller firmware | =20.00 | |
| Rockwell Automation GuardLogix 5570 Controller firmware | =20.010 | |
| Rockwell Automation GuardLogix 5570 Controller firmware | =20.017 | |
| Rockwell Automation GuardLogix 5570 Controller firmware | =21.00 | |
| Rockwell Automation GuardLogix 5570 Controller firmware | ||
| FLEXLogix firmware | =16.00 | |
| Rockwell Automation FlexLogix 1794-L34 | ||
| Rockwell Automation ControlLogix L55 Controller | =16.00 | |
| Rockwell Automation ControlLogix L55 Controller | =16.020 | |
| Rockwell Automation ControlLogix L55 Controller | =16.022 | |
| Rockwell Automation ControlLogix L55 Controller | ||
| ControlLogix 5570 redundant Controller firmware | =20.00 | |
| ControlLogix 5570 redundant Controller firmware | =20.050 | |
| ControlLogix 5570 redundant Controller firmware | =20.055 | |
| ControlLogix 5570 redundant Controller firmware | =21.00 | |
| Rockwell Automation ControlLogix 5570 Redundant Controller | ||
| rockwellautomation ControlLogix 5570 firmware | =18.00 | |
| rockwellautomation ControlLogix 5570 firmware | =19.00 | |
| rockwellautomation ControlLogix 5570 firmware | =20.010 | |
| rockwellautomation ControlLogix 5570 firmware | =20.013 | |
| rockwellautomation ControlLogix 5570 firmware | =21.00 | |
| Rockwell Automation ControlLogix 5570 | ||
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | =16.00 | |
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | =19.00 | |
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | =20.00 | |
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | =20.050 | |
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | =20.055 | |
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | ||
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | =16.00 | |
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | =16.020 | |
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | =16.022 | |
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | =17.00 | |
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | =18.00 | |
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | =19.00 | |
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | =20.00 | |
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | =20.010 | |
| Rockwell Automation ControlLogix 5560 Redundant Controller Firmware | =20.013 | |
| ControlLogix 5560 | ||
| Rockwell Automation 1769 CompactLogix L3X Controller Firmware | =16.00 | |
| Rockwell Automation 1769 CompactLogix L3X Controller Firmware | =16.020 | |
| Rockwell Automation 1769 CompactLogix L3X Controller Firmware | =16.023 | |
| Rockwell Automation 1769 CompactLogix L3X Controller Firmware | =17.00 | |
| Rockwell Automation 1769 CompactLogix L3X Controller Firmware | =18.00 | |
| Rockwell Automation 1769 CompactLogix L3X Controller Firmware | =19.00 | |
| Rockwell Automation 1769 CompactLogix L3X Controller Firmware | =20.00 | |
| Rockwell Automation 1769 CompactLogix L3X Controller Firmware | =20.010 | |
| Rockwell Automation 1769 CompactLogix L3X Controller Firmware | =20.013 | |
| Rockwell Automation 1769 CompactLogix L3X Controller Firmware | ||
| Rockwell Automation 1769 CompactLogix L23X Controller firmware | =16.00 | |
| Rockwell Automation 1769 CompactLogix L23X Controller firmware | =17.00 | |
| Rockwell Automation 1769 CompactLogix L23X Controller firmware | =18.00 | |
| Rockwell Automation 1769 CompactLogix L23X Controller firmware | =19.00 | |
| Rockwell Automation 1769 CompactLogix L23X Controller firmware | =20.00 | |
| Rockwell Automation 1769 CompactLogix L23X Controller firmware | =20.010 | |
| Rockwell Automation 1769 CompactLogix L23X Controller firmware | =20.013 | |
| CompactLogix controllers | ||
| Rockwell Automation 1769 CompactLogix 5370 L3 Controller Firmware | =20.00 | |
| Rockwell Automation 1769 CompactLogix 5370 L3 Controller Firmware | =20.010 | |
| Rockwell Automation 1769 CompactLogix 5370 L3 Controller Firmware | =20.013 | |
| Rockwell Automation 1769 CompactLogix 5370 L3 Controller Firmware | =21.00 | |
| Rockwell Automation 1769 CompactLogix 5370 L3 Controller Firmware | ||
| Rockwell Automation 1769 CompactLogix 5370 L2 Controller | =20.00 | |
| Rockwell Automation 1769 CompactLogix 5370 L2 Controller | =20.010 | |
| Rockwell Automation 1769 CompactLogix 5370 L2 Controller | =20.013 | |
| Rockwell Automation 1769 CompactLogix 5370 L2 Controller | =21.00 | |
| Rockwell Automation 1769 CompactLogix 5370 L2 Controller | ||
| Rockwell Automation 1769 CompactLogix 5370 L1 Controller | =20.00 | |
| Rockwell Automation 1769 CompactLogix 5370 L1 Controller | =20.010 | |
| Rockwell Automation 1769 CompactLogix 5370 L1 Controller | =20.013 | |
| Rockwell Automation 1769 CompactLogix 5370 L1 Controller | =21.00 | |
| Rockwell Automation 1769 CompactLogix 5370 L1 Controller | ||
| Rockwell Automation 1768 CompactLogix L4X Controller | =16.00 | |
| Rockwell Automation 1768 CompactLogix L4X Controller | =16.020 | |
| Rockwell Automation 1768 CompactLogix L4X Controller | =16.025 | |
| Rockwell Automation 1768 CompactLogix L4X Controller | =17.00 | |
| Rockwell Automation 1768 CompactLogix L4X Controller | =18.00 | |
| Rockwell Automation 1768 CompactLogix L4X Controller | =19.00 | |
| Rockwell Automation 1768 CompactLogix L4X Controller | =20.00 | |
| Rockwell Automation 1768 CompactLogix L4X Controller | =20.011 | |
| Rockwell Automation 1768 CompactLogix L4X Controller | =20.016 | |
| Rockwell Automation 1768 CompactLogix L4X Controller | ||
| Rockwell Automation 1768 Compact GuardLogix L4Xs Controller | =18.00 | |
| Rockwell Automation 1768 Compact GuardLogix L4Xs Controller | =19.00 | |
| Rockwell Automation 1768 Compact GuardLogix L4Xs Controller | =20.00 | |
| Rockwell Automation 1768 Compact GuardLogix L4Xs Controller | =20.011 | |
| Rockwell Automation 1768 Compact GuardLogix L4Xs Controller | =20.013 | |
| Rockwell Automation 1768 Compact GuardLogix L4Xs Controller |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-9343?
CVE-2016-9343 has a medium severity level due to the potential for a stack overflow that can be exploited via malformed CIP packets.
How do I fix CVE-2016-9343?
To mitigate CVE-2016-9343, update the firmware of the affected Rockwell Automation controllers to versions beyond FRN 21.00.
Which versions are affected by CVE-2016-9343?
CVE-2016-9343 affects Rockwell Automation Logix5000 controllers with firmware versions FRN 16.00 through 21.00.
What type of impact can CVE-2016-9343 have on systems?
Exploitation of CVE-2016-9343 could allow an attacker to crash the affected system or potentially execute arbitrary code.
Is my Rockwell Automation device vulnerable to CVE-2016-9343?
To determine vulnerability to CVE-2016-9343, check if your device operates with firmware versions FRN 16.00 to 21.00.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/rockwellautomation
- canonical/rockwell automation softlogix 5800 firmware
- version/rockwell automation softlogix 5800 firmware/18.00
- version/rockwell automation softlogix 5800 firmware/19.00
- version/rockwell automation softlogix 5800 firmware/20.00
- version/rockwell automation softlogix 5800 firmware/21.00
- canonical/rockwell automation softlogix 5800 controller
- canonical/rockwell automation rslogix emulate 5000
- version/rockwell automation rslogix emulate 5000/18.00
- version/rockwell automation rslogix emulate 5000/19.00
- version/rockwell automation rslogix emulate 5000/20.00
- version/rockwell automation rslogix emulate 5000/21.00
- canonical/rockwell automation studio 5000 logix emulate
- canonical/rockwell automation guardlogix 5570 controller firmware
- version/rockwell automation guardlogix 5570 controller firmware/16.00
- version/rockwell automation guardlogix 5570 controller firmware/17.00
- version/rockwell automation guardlogix 5570 controller firmware/18.00
- version/rockwell automation guardlogix 5570 controller firmware/19.00
- version/rockwell automation guardlogix 5570 controller firmware/20.00
- version/rockwell automation guardlogix 5570 controller firmware/20.010
- version/rockwell automation guardlogix 5570 controller firmware/20.017
- version/rockwell automation guardlogix 5570 controller firmware/21.00
- canonical/flexlogix firmware
- version/flexlogix firmware/16.00
- canonical/rockwell automation flexlogix 1794-l34
- canonical/rockwell automation controllogix l55 controller
- version/rockwell automation controllogix l55 controller/16.00
- version/rockwell automation controllogix l55 controller/16.020
- version/rockwell automation controllogix l55 controller/16.022
- canonical/controllogix 5570 redundant controller firmware
- version/controllogix 5570 redundant controller firmware/20.00
- version/controllogix 5570 redundant controller firmware/20.050
- version/controllogix 5570 redundant controller firmware/20.055
- version/controllogix 5570 redundant controller firmware/21.00
- canonical/rockwell automation controllogix 5570 redundant controller
- canonical/rockwellautomation controllogix 5570 firmware
- version/rockwellautomation controllogix 5570 firmware/18.00
- version/rockwellautomation controllogix 5570 firmware/19.00
- version/rockwellautomation controllogix 5570 firmware/20.010
- version/rockwellautomation controllogix 5570 firmware/20.013
- version/rockwellautomation controllogix 5570 firmware/21.00
- canonical/rockwell automation controllogix 5570
- canonical/rockwell automation controllogix 5560 redundant controller firmware
- version/rockwell automation controllogix 5560 redundant controller firmware/16.00
- version/rockwell automation controllogix 5560 redundant controller firmware/19.00
- version/rockwell automation controllogix 5560 redundant controller firmware/20.00
- version/rockwell automation controllogix 5560 redundant controller firmware/20.050
- version/rockwell automation controllogix 5560 redundant controller firmware/20.055
- version/rockwell automation controllogix 5560 redundant controller firmware/16.020
- version/rockwell automation controllogix 5560 redundant controller firmware/16.022
- version/rockwell automation controllogix 5560 redundant controller firmware/17.00
- version/rockwell automation controllogix 5560 redundant controller firmware/18.00
- version/rockwell automation controllogix 5560 redundant controller firmware/20.010
- version/rockwell automation controllogix 5560 redundant controller firmware/20.013
- canonical/controllogix 5560
- canonical/rockwell automation 1769 compactlogix l3x controller firmware
- version/rockwell automation 1769 compactlogix l3x controller firmware/16.00
- version/rockwell automation 1769 compactlogix l3x controller firmware/16.020
- version/rockwell automation 1769 compactlogix l3x controller firmware/16.023
- version/rockwell automation 1769 compactlogix l3x controller firmware/17.00
- version/rockwell automation 1769 compactlogix l3x controller firmware/18.00
- version/rockwell automation 1769 compactlogix l3x controller firmware/19.00
- version/rockwell automation 1769 compactlogix l3x controller firmware/20.00
- version/rockwell automation 1769 compactlogix l3x controller firmware/20.010
- version/rockwell automation 1769 compactlogix l3x controller firmware/20.013
- canonical/rockwell automation 1769 compactlogix l23x controller firmware
- version/rockwell automation 1769 compactlogix l23x controller firmware/16.00
- version/rockwell automation 1769 compactlogix l23x controller firmware/17.00
- version/rockwell automation 1769 compactlogix l23x controller firmware/18.00
- version/rockwell automation 1769 compactlogix l23x controller firmware/19.00
- version/rockwell automation 1769 compactlogix l23x controller firmware/20.00
- version/rockwell automation 1769 compactlogix l23x controller firmware/20.010
- version/rockwell automation 1769 compactlogix l23x controller firmware/20.013
- canonical/compactlogix controllers
- canonical/rockwell automation 1769 compactlogix 5370 l3 controller firmware
- version/rockwell automation 1769 compactlogix 5370 l3 controller firmware/20.00
- version/rockwell automation 1769 compactlogix 5370 l3 controller firmware/20.010
- version/rockwell automation 1769 compactlogix 5370 l3 controller firmware/20.013
- version/rockwell automation 1769 compactlogix 5370 l3 controller firmware/21.00
- canonical/rockwell automation 1769 compactlogix 5370 l2 controller
- version/rockwell automation 1769 compactlogix 5370 l2 controller/20.00
- version/rockwell automation 1769 compactlogix 5370 l2 controller/20.010
- version/rockwell automation 1769 compactlogix 5370 l2 controller/20.013
- version/rockwell automation 1769 compactlogix 5370 l2 controller/21.00
- canonical/rockwell automation 1769 compactlogix 5370 l1 controller
- version/rockwell automation 1769 compactlogix 5370 l1 controller/20.00
- version/rockwell automation 1769 compactlogix 5370 l1 controller/20.010
- version/rockwell automation 1769 compactlogix 5370 l1 controller/20.013
- version/rockwell automation 1769 compactlogix 5370 l1 controller/21.00
- canonical/rockwell automation 1768 compactlogix l4x controller
- version/rockwell automation 1768 compactlogix l4x controller/16.00
- version/rockwell automation 1768 compactlogix l4x controller/16.020
- version/rockwell automation 1768 compactlogix l4x controller/16.025
- version/rockwell automation 1768 compactlogix l4x controller/17.00
- version/rockwell automation 1768 compactlogix l4x controller/18.00
- version/rockwell automation 1768 compactlogix l4x controller/19.00
- version/rockwell automation 1768 compactlogix l4x controller/20.00
- version/rockwell automation 1768 compactlogix l4x controller/20.011
- version/rockwell automation 1768 compactlogix l4x controller/20.016
- canonical/rockwell automation 1768 compact guardlogix l4xs controller
- version/rockwell automation 1768 compact guardlogix l4xs controller/18.00
- version/rockwell automation 1768 compact guardlogix l4xs controller/19.00
- version/rockwell automation 1768 compact guardlogix l4xs controller/20.00
- version/rockwell automation 1768 compact guardlogix l4xs controller/20.011
- version/rockwell automation 1768 compact guardlogix l4xs controller/20.013