Rockwell Automation RSLinx
Summary
Rockwell Automation's RSLinx Classic software, versions 4.50.00 and earlier, is vulnerable to a stack-based buffer overflow. Successful exploitation could allow a remote attacker to execute arbitrary code or cause a denial of service in which the application becomes unresponsive.
IFF Assessment
This vulnerability allows for remote code execution and denial of service, posing a significant risk to critical infrastructure systems.
Severity
The CVSS v3 base score of 7.5 reflects the severity of the vulnerability, which stems from an out-of-bounds read that can lead to remote code execution and denial of service, affecting critical infrastructure sectors.
Defender Context
This advisory highlights a critical vulnerability in industrial control systems (ICS) software used in sectors such as manufacturing and energy. Defenders should prioritize patching RSLinx Classic, or applying mitigations where patching is not yet possible, to prevent denial-of-service attacks and unauthorized code execution that could disrupt essential services.