SB2020101408 - Multiple vulnerabilities in Allen-Bradley Flex IO 1794-AENT/B
Published: October 14, 2020 Updated: February 3, 2021
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2020-6083)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the ENIP Request Path Port Segment functionality. A remote attacker can send a specially crafted network request, trigger memory corruption and cause a denial of service condition on the target system.
2) Buffer overflow (CVE-ID: CVE-2020-6084)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the ENIP Request Path Logical Segment functionality. A remote attacker can send an Electronic Key Segment with fewer bytes than required by the Key Format Table following the Key Format field, trigger memory corruption and cause a denial of service condition on the target system.
3) Buffer overflow (CVE-ID: CVE-2020-6085)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the ENIP Request Path Logical Segment functionality. A remote attacker can send an Electronic Key Segment with fewer than 0x18 bytes following the Key Format field, trigger memory corruption and cause a denial of service condition on the target system.
4) Buffer overflow (CVE-ID: CVE-2020-6086)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the ENIP Request Path Data Segment functionality. A remote attacker can supply the Simple Segment Sub-Type, trigger memory corruption and cause a denial of service condition on the target system.
5) Buffer overflow (CVE-ID: CVE-2020-6087)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the ENIP Request Path Data Segment functionality. A remote attacker can supply the ANSI Extended Symbol Segment Sub-Type, trigger memory corruption and cause a denial of service condition on the target system.
6) Buffer overflow (CVE-ID: CVE-2020-6088)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the ENIP Request Path Network Segment functionality. A remote attacker can supply the ANSI Extended Symbol Segment Sub-Type, trigger memory corruption and cause a denial of service condition on the target system.
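A receiver can guard against truncated segments of the kinds named in items 2, 4 and 5 by checking each segment's declared length against the bytes actually received before reading any field. The C example below is added here and is not vendor or Cybersecurity Help code. The segment codes, the 8-byte Key Format 4 body and all function names are assumptions taken from the public CIP path encoding, not from this bulletin; every other segment type is rejected.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed values from the public CIP EPATH encoding (not from the bulletin). */
#define SEG_ELECTRONIC_KEY 0x34 /* logical segment carrying an electronic key */
#define SEG_DATA_SIMPLE    0x80 /* next byte = body length in 16-bit words    */
#define SEG_DATA_ANSI_EXT  0x91 /* next byte = body length in bytes, even pad */
#define KEY_FORMAT_4       0x04
#define KEY_FORMAT_4_LEN   8    /* vendor, device type, product code, rev     */

enum { PATH_OK = 0, PATH_TRUNCATED = -1, PATH_UNSUPPORTED = -2 };

/* Number of bytes that must follow the 2-byte segment header,
 * or a negative PATH_* code for anything not on the allow-list. */
static long segment_body_len(uint8_t type, uint8_t arg)
{
    switch (type) {
    case SEG_ELECTRONIC_KEY:
        return arg == KEY_FORMAT_4 ? KEY_FORMAT_4_LEN : PATH_UNSUPPORTED;
    case SEG_DATA_SIMPLE:
        return (long)arg * 2;
    case SEG_DATA_ANSI_EXT:
        return (long)arg + (arg & 1); /* odd lengths carry one pad byte */
    default:
        return PATH_UNSUPPORTED;
    }
}

/* Hypothetical helper: walk a request path and confirm that every segment
 * fits inside the buffer. No segment body is read before its length check. */
int validate_request_path(const uint8_t *path, size_t len)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 2)
            return PATH_TRUNCATED;      /* header itself is incomplete */
        long body = segment_body_len(path[off], path[off + 1]);
        if (body < 0)
            return (int)body;
        off += 2;
        if ((size_t)body > len - off)
            return PATH_TRUNCATED;      /* declared body exceeds buffer */
        off += (size_t)body;
    }
    return PATH_OK;
}
```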
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.