What is GHSA-qrw8-3h67-8hff?

GHSA-qrw8-3h67-8hff is a security advisory published by GitHub Security Advisories with High severity. Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and...

Which CVE IDs does GHSA-qrw8-3h67-8hff cover?

GHSA-qrw8-3h67-8hff covers the following CVE IDs: CVE-2012-6438. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-qrw8-3h67-8hff?

GHSA-qrw8-3h67-8hff has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

GHSA-qrw8-3h67-8hffHighCVSS 7.5

Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and...

Vendor

GitHub Security Advisories

Published

May 17, 2022

Last Modified

June 3, 2026

🔗 CVE IDs covered (1)

CVE-2012-6438 →

📋 Description

Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (NIC crash and communication outage) via a malformed CIP packet.

🔗 References (8)

https://nvd.nist.gov/vuln/detail/CVE-2012-6438
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156
https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03
http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102
https://github.com/advisories/GHSA-qrw8-3h67-8hff