CVE-2011-3489

EPSS 9.0%

RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/17843unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://aluigi.altervista.org/adv/rslogix_1-adv.txt http://securityreason.com/securityalert/8383 https://exchange.xforce.ibmcloud.com/vulnerabilities/69808 http://www.securityfocus.com/bid/49608