CVE-2018-14829: Buffer Overflow
First published: Thu Sep 20 2018(Updated: )
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Rslinx | <=4.00.01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-14829?
CVE-2018-14829 is a vulnerability in Rockwell Automation RSLinx Classic versions 4.00.01 and prior, which may allow a remote threat actor to crash the software application by sending a malformed CIP packet.
How severe is CVE-2018-14829?
CVE-2018-14829 has a severity rating of 9.8, which is considered critical.
Which software versions are affected by CVE-2018-14829?
CVE-2018-14829 affects Rockwell Automation RSLinx Classic versions up to and including 4.00.01.
What is the potential impact of CVE-2018-14829?
CVE-2018-14829 has the potential to crash the RSLinx Classic software application and possibly exploit a buffer overflow vulnerability.
Is there a fix for CVE-2018-14829?
Currently, there is no known fix for CVE-2018-14829. It is recommended to update to a newer version of Rockwell Automation RSLinx Classic if available or apply any patches released by the vendor.
- agent/author
- agent/description
- agent/event
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/rockwellautomation
- canonical/rockwellautomation rslinx
- version/rockwellautomation rslinx/4.00.01