Rockwell
CVE-2012-6440
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information.
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400
AnalysisAI
The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 Affected products include: Rockwellautomation Controllogix Controllers, Rockwellautomation Guardlogix Controllers, Rockwellautomation Micrologix, Rockwellautomation Softlogix Controllers, Rockwellautomation 1756-Enbt.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to int
All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. Rated high s
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Rated critical
In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer.
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. Rated critical severity (CVSS 9.8), this vulnerability is
An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L
Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32B
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to imprope
The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware imag
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. Rated high severity (CVSS 8.1), this vul
In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager Thi
An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Br
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today