CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
CVEs-PoC/2012/CVE-2012-6436.md
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

28 lines
2.5 KiB
Markdown
Raw Permalink Blame History

### [CVE-2012-6436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6436)
![](https://img.shields.io/static/v1?label=Product&message=1756-ENBT%2C%201756-EWEB%2C%201768-ENBT%2C%201768-EWEB%20communication%20modules&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=1788-ENBT%20FLEXLogix%20adapter&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=1794-AENTR%20FLEX%20I%2FO%20EtherNet%2FIP%20adapter&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=CompactLogix%20L32E%20and%20L35E%20controllers&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=CompactLogix%20and%20SoftLogix%20controllers&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=ControlLogix%20and%20GuardLogix%20controllers&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=ControlLogix%2C%20CompactLogix%2C%20GuardLogix%2C%20and%20SoftLogix&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=MicroLogix&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=1100%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=1400%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=All%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119&color=brightgreen)
### Description
The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices.Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400
### POC
#### Reference
- https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03
#### Github
No PoCs found on GitHub currently.
Reference in New Issue View Git Blame Copy Permalink