CVE-2018-14821: Buffer Overflow
First published: Thu Sep 20 2018(Updated: )
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Rslinx | <=4.00.01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2018-14821.
What is the severity level of CVE-2018-14821?
The severity level of CVE-2018-14821 is high with a score of 7.5 out of 10.
What is the affected software version?
The affected software version is Rockwell Automation RSLinx Classic Versions up to and including 4.00.01.
How does this vulnerability affect Rockwell Automation RSLinx Classic?
This vulnerability allows a remote, unauthenticated threat actor to send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate.
How can I mitigate this vulnerability?
To mitigate this vulnerability, it is recommended to update to a version of Rockwell Automation RSLinx Classic that is later than 4.00.01.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/rockwellautomation
- canonical/rockwellautomation rslinx
- version/rockwellautomation rslinx/4.00.01