Unrated severity · NVD Advisory · Published Apr 4, 2019 · Updated Aug 4, 2024

CVE-2019-6553

Description

A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue exists in a .dll file of RSLinx Classic, where the data in a Forward Open service request is passed to a fixed-size buffer, allowing an attacker to exploit a stack-based buffer overflow condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stack-based buffer overflow in Rockwell Automation RSLinx Classic allows remote unauthenticated attackers to execute arbitrary code.

Vulnerability

A stack-based buffer overflow vulnerability (CWE-121) exists in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. The issue occurs in a .dll file where data from a Forward Open service request is passed to a fixed-size buffer without proper input validation, leading to a buffer overflow condition [1].
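
The missing length validation described above, as an added C example of the hardened pattern (not Rockwell's code and not taken from the advisory). The page does not say which part of the request overflowed; the variable-length connection path, its offset, the 64-byte buffer and all function names are assumptions used for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (public CIP Forward Open request format, not stated on the
 * page): 35 bytes of fixed parameters, a one-byte connection path size
 * counted in 16-bit words, then the path bytes. */
#define FO_FIXED_LEN 35u  /* bytes before the path-size byte */
#define PATH_BUF_LEN 64u  /* hypothetical fixed-size destination buffer */

enum fo_status { FO_OK = 0, FO_TRUNCATED = -1, FO_PATH_TOO_LONG = -2 };

/* Copy the connection path out of a Forward Open request body. The declared
 * length comes from the sender, so it is checked against the bytes actually
 * received and against the destination capacity before any copy happens. */
int fo_copy_path(const uint8_t *req, size_t req_len,
                 uint8_t *dst, size_t dst_cap, size_t *out_len) {
    if (req == NULL || dst == NULL || out_len == NULL)
        return FO_TRUNCATED;
    if (req_len < FO_FIXED_LEN + 1u)
        return FO_TRUNCATED;                 /* path-size byte missing */

    size_t path_len = (size_t)req[FO_FIXED_LEN] * 2u;  /* words -> bytes */
    if (path_len > req_len - (FO_FIXED_LEN + 1u))
        return FO_TRUNCATED;                 /* claims more than was sent */
    if (path_len > dst_cap)
        return FO_PATH_TOO_LONG;             /* would overflow the buffer */

    memcpy(dst, req + FO_FIXED_LEN + 1u, path_len);
    *out_len = path_len;
    return FO_OK;
}

/* Constructed sample request: declares `words` path words, delivers
 * `sent` path bytes, and is parsed into a PATH_BUF_LEN-byte stack buffer. */
int fo_demo(uint8_t words, size_t sent) {
    uint8_t req[FO_FIXED_LEN + 1u + 510u] = {0};
    uint8_t stack_buf[PATH_BUF_LEN];
    size_t n = 0;
    req[FO_FIXED_LEN] = words;
    return fo_copy_path(req, FO_FIXED_LEN + 1u + sent,
                        stack_buf, sizeof stack_buf, &n);
}

int main(void) {
    printf("%d %d %d\n", fo_demo(32, 64), fo_demo(33, 66), fo_demo(10, 4));
    return 0;
}
```

Rejecting the request when the declared length exceeds either bound, rather than truncating the copy, keeps a malformed Forward Open from being processed further.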

Exploitation

An attacker can exploit this vulnerability remotely over the network without authentication or user interaction. The attacker sends a specially crafted Forward Open service request to the target device on port 44818 (EtherNet/IP). The malformed data overflows the stack buffer, allowing control of execution flow [1].

Impact

Successful exploitation enables arbitrary code execution on the affected system. The CVSS v3 base score is 10.0 (Critical) with the vector string AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating high impact on confidentiality, integrity, and availability across a changed scope [1].

Mitigation

Rockwell Automation has released patches for affected versions including v3.60, v3.70, v3.80, v3.81, v3.90, v4.00.01, and v4.10. These patches are available via Knowledgebase Article ID 1084828. As a workaround, users can disable UDP messages on port 44818 by unchecking "Accept UDP Messages on Ethernet Port" in RSLinx Classic Options, if unsolicited messages are not required [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

References

1
