CVE-2016-9343

critical

Published 2017-02-13 · Modified 2026-05-13

CVSS v3

10.0

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2

7.5

VIR risk

10.0

Description

An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.

Predictions

Exploit likelihood

98%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

http://www.securityfocus.com/bid/95304
https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05
http://www.securityfocus.com/bid/95304
https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05

CWEs

CWE-787

Verify integrity in audit chain (admin only). AS-IS.