Rockwell Automation RSLinx Classic ENGINE.dll Stack Buffer Overflow (CVE-2019-6553)
Severity: Critical
Nessus Plugin ID: 123010
Synopsis
A SCADA application running on the remote host is affected by a remote code execution vulnerability.
Description
The RSLinx Classic installation running on the remote host is affected by a remote code execution vulnerability due to a stack buffer overflow condition when handling an EtherNet/IP message received on TCP port 44818. An unauthenticated, remote attacker can exploit this issue via a specially crafted message to execute arbitrary code.
Solution
Patches are available for versions 4.10, 4.00.01, 3.90, 3.81, 3.80, 3.70, and 3.60. See vendor Knowledgebase Article ID 1085038 for more details.