CVE-2016-0868

Published Jan 28, 2016

Last updated 8 years ago

CVSS critical 9.8

Overview

Description: Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1100:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FA98842B-9D09-4C37-AB34-4E9FA566BAD8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_a:15.000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28EE99BF-DE73-43F3-8B32-5994ADF18B0B"
          },
          {
            "criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_b:15.000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0119994-7DBE-4FA8-B1F9-46DA90A1A466"
          },
          {
            "criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a:15.000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED15914A-4444-4037-B890-87BAF02C2E21"
          },
          {
            "criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b:15.000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EA168A4-E045-467B-B0C6-6197A7FBA4AE"
          },
          {
            "criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a:15.000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED9963A5-A183-4AFA-BEF9-60947B242C25"
          },
          {
            "criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b:15.000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA17E2CF-804F-4BC0-AE99-A93BBE87B2FE"
          },
          {
            "criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a:15.000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8FBE2BE-F8D1-4DCB-8804-AA280923465C"
          },
          {
            "criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b:15.000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43E92DEC-E63E-4A52-BD5F-20FDBC8BF5BA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References