RETIRED: RSLinx Enterprise 'Logger.dll' Denial of Service Vulnerability
BID:58915
Info
RETIRED: RSLinx Enterprise 'Logger.dll' Denial of Service Vulnerability
| Bugtraq ID: | 58915 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2012-4715 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2013 12:00AM |
| Updated: | Oct 09 2013 01:06AM |
| Credit: | Carsten Eiram of Risk Based Security |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
RETIRED: RSLinx Enterprise 'Logger.dll' Denial of Service Vulnerability
RSLinx Enterprise is prone to a denial-of-service vulnerability because the application fails to properly handle the input submitted to it.
An attacker can exploit this issue to terminate the affected service of the vulnerable application, denying service to legitimate users. Due to nature of this issue code execution is possible but Symantec has not confirmed it.
Note: This BID is being retired as a duplicate of the issue discussed in BID 58917 (RSLinx Enterprise 'Logger.dll' CVE-2012-4695 Denial of Service Vulnerability).
The following versions are affected:
RSLinx Enterprise CPR9-SR2
RSLinx Enterprise CPR9-SR3
RSLinx Enterprise CPR9-SR4
RSLinx Enterprise CPR9-SR5
RSLinx Enterprise CPR9-SR5.1
RSLinx Enterprise CPR9-SR6
RSLinx Enterprise is prone to a denial-of-service vulnerability because the application fails to properly handle the input submitted to it.
An attacker can exploit this issue to terminate the affected service of the vulnerable application, denying service to legitimate users. Due to nature of this issue code execution is possible but Symantec has not confirmed it.
Note: This BID is being retired as a duplicate of the issue discussed in BID 58917 (RSLinx Enterprise 'Logger.dll' CVE-2012-4695 Denial of Service Vulnerability).
The following versions are affected:
RSLinx Enterprise CPR9-SR2
RSLinx Enterprise CPR9-SR3
RSLinx Enterprise CPR9-SR4
RSLinx Enterprise CPR9-SR5
RSLinx Enterprise CPR9-SR5.1
RSLinx Enterprise CPR9-SR6
Exploit / POC
RETIRED: RSLinx Enterprise 'Logger.dll' Denial of Service Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
RETIRED: RSLinx Enterprise 'Logger.dll' Denial of Service Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
RETIRED: RSLinx Enterprise 'Logger.dll' Denial of Service Vulnerability
References:
References:
- Rockwell Automation Homepage (Rockwell Automation)