Rockwell RSLogix Overflow Vulnerability
September 13, 2011 (revised October 6, 2011)
Luigi Auriemma has publicly disclosed a vulnerability in
the Rockwell RSLogix application.
RSLogix is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to crash the application,
denying service to legitimate users.
RSLogix 5000 versions V17, V18 and V19 are vulnerable. In
addition, all FactoryTalk-branded software versions CPR9
and CPR9-SR1 through SR4 are vulnerable. Other versions may also be
affected.
Rockwell has produced patches that mitigate this
vulnerability for all affected versions of FactoryTalk
Services Platform and RSLogix 5000.