CVE-2012-0221

The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet.

Published: Apr 2, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-0221
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
rockwellautomation / rslogix_5000	18	18.x
rockwellautomation / factorytalk	cpr9_sr5	cpr9_sr5.x
rockwellautomation / rslogix_5000	19	19.x
rockwellautomation / factorytalk	cpr9	cpr9.x
rockwellautomation / rslogix_5000	20	20.x
rockwellautomation / rslogix_5000	17	17.x

http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937
http://www.us-cert.gov/control_systems/pdf/ICSA-12-088-01.pdf

Vulnerability Database

289,871

CVE-2012-0221