A malformed Common Industrial Protocol (CIP) packet can trigger a stack-based buffer overflow in affected Rockwell Automation Logix5000 controller firmware families. The impact is severe: the issue may allow code execution on the controller or a nonrecoverable fault that results in denial of service. Because the vulnerability is network-reachable and requires no authentication, it warrants urgent attentio [truncated]
CVE-2016-9338 is a low-severity Rockwell Automation controller issue where an authenticated administrator may be able to remove all administrative users. The affected controller still functions as a controller, but the ancillary web server administration function can be lost until a factory reset restores it.
CVE-2016-9334 describes a credential exposure issue in Rockwell Automation controller web interfaces. According to the NVD record, user credentials are transmitted to the web server in clear text, so anyone able to observe traffic between the browser and the controller may recover those credentials. NVD rates the issue 7.3 HIGH and lists affected MicroLogix 1100 models (and additional 1766-L32 variants) a [truncated]
