Vulnerability Description
RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwell Automation | RSLogix | <= 19 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/rslogix_1-adv.txt (Exploit)
- http://securityreason.com/securityalert/8383
- http://www.securityfocus.com/bid/49608
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69808
FAQ
What is CVE-2011-3489?
CVE-2011-3489 is a vulnerability with a CVSS score of 5.0 (MEDIUM). RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 th...
How severe is CVE-2011-3489?
CVE-2011-3489 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-3489?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwell Automation RSLogix.