BID:58917

RSLinx Enterprise 'Logger.dll' CVE-2012-4695 Denial of Service Vulnerability

Info

RSLinx Enterprise 'Logger.dll' CVE-2012-4695 Denial of Service Vulnerability

Bugtraq ID:	58917
Class:	Input Validation Error
CVE:	CVE-2012-4695
Remote:	Yes
Local:	No
Published:	Apr 05 2013 12:00AM
Updated:	Oct 09 2013 12:46AM
Credit:	Carsten Eiram of Risk Based Security.
Vulnerable:

Not Vulnerable:

Discussion

RSLinx Enterprise 'Logger.dll' CVE-2012-4695 Denial of Service Vulnerability

RSLinx Enterprise is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users.

The following versions are vulnerable:

RSLinx Enterprise CPR9
RSLinx Enterprise CPR9-SR1
RSLinx Enterprise CPR9-SR2
RSLinx Enterprise CPR9-SR3
RSLinx Enterprise CPR9-SR4
RSLinx Enterprise CPR9-SR5
RSLinx Enterprise CPR9-SR5.1
RSLinx Enterprise CPR9-SR6

Exploit / POC

RSLinx Enterprise 'Logger.dll' CVE-2012-4695 Denial of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

RSLinx Enterprise 'Logger.dll' CVE-2012-4695 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

RSLinx Enterprise 'Logger.dll' CVE-2012-4695 Denial of Service Vulnerability

References:

Rockwell Automation Homepage (Rockwell Automation)
RSLinx Homepage (Rockwell Software)