The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the NIC to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices.
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400
Security readout for executives and security teams
This is an availability risk in older Rockwell Automation industrial networking components. A network attacker who can reach specific EtherNet/IP services could crash the device network interface, disrupting PLC communications. The sources do not show data theft or process modification, but loss of communication in industrial control environments can create operational impact. Likely exposure is Rockwell Automation EtherNet/IP communication modules, listed CompactLogix, ControlLogix, GuardLogix, SoftLogix, FLEXLogix, FLEX I/O adapters, and MicroLogix 1100/1400 where EtherNet/IP ports are reachable from untrusted networks. Treat as high priority where affected Rockwell devices support live production processes or are reachable outside tightly controlled ICS networks. The main business concern is communication disruption, not confirmed compromise or data loss. Mitigation focus: Review CISA ICSA-13-011-03 and Rockwell advisories for version-specific vendor guidance.; Inventory affected Rockwell EtherNet/IP modules and controllers in operational environments.; Restrict TCP/UDP 2222 and 44818 to trusted ICS management networks only..
Prepared
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-119: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.