Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:MISC:MULTIPLE-RCE |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Multiple Products Remote Code Execution |
Release Date |
2015/03/16 |
Update Number |
2475 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Multiple Products Remote Code Execution
This signature detects attempts to exploit a known vulnerability against multiple products. A successful exploit can lead to remote code execution.
Extended Description
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.
Affected Products
- Rockwellautomation rslinx 4.00.01
References
- CVE: CVE-2018-14829