Vulnerability Description
Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | Rslogix 500 Professional Edition | - |
| Rockwellautomation | Rslogix 500 Standard Edition | - |
| Rockwellautomation | Rslogix 500 Starter Edition | - |
| Rockwellautomation | Rslogix Micro Developer | - |
| Rockwellautomation | Rslogix Micro Starter Lite | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/92983
- https://ics-cert.us-cert.gov/advisories/ICSA-16-224-02 (Mitigation, Patch, Third Party Advisory)
FAQ
What is CVE-2016-5814?
CVE-2016-5814 is a vulnerability with a CVSS score of 8.6 (HIGH). Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remot...
How severe is CVE-2016-5814?
CVE-2016-5814 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-5814?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Rslogix 500 Professional Edition, Rockwellautomation Rslogix 500 Standard Edition, Rockwellautomation Rslogix 500 Starter Edition, Rockwellautomation Rslogix Micro Developer, Rockwellautomation Rslogix Micro Starter Lite.