Vulnerability Details CVE-2018-14829
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.484
EPSS Ranking 97.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-14829
-
cpe:2.3:a:rockwellautomation:rslinx:2.10.18
-
cpe:2.3:a:rockwellautomation:rslinx:2.20.02
-
cpe:2.3:a:rockwellautomation:rslinx:2.43.01
-
cpe:2.3:a:rockwellautomation:rslinx:2.50.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.51.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.52.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.53.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.54.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.55.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.56.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.57.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.57.00.14
-
cpe:2.3:a:rockwellautomation:rslinx:2.58.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.59.02
-
cpe:2.3:a:rockwellautomation:rslinx:3.51.01
-
cpe:2.3:a:rockwellautomation:rslinx:3.60.00
-
cpe:2.3:a:rockwellautomation:rslinx:3.61.00
-
cpe:2.3:a:rockwellautomation:rslinx:3.70.00
-
cpe:2.3:a:rockwellautomation:rslinx:3.71.00
-
cpe:2.3:a:rockwellautomation:rslinx:3.73.00
-
cpe:2.3:a:rockwellautomation:rslinx:3.74.00
-
cpe:2.3:a:rockwellautomation:rslinx:3.80.00
-
cpe:2.3:a:rockwellautomation:rslinx:3.81.00
-
cpe:2.3:a:rockwellautomation:rslinx:3.90.00
-
cpe:2.3:a:rockwellautomation:rslinx:3.90.01
-
cpe:2.3:a:rockwellautomation:rslinx:4.00.01