CVE-2012-6439

CVE-2012-6439 is a high-severity vulnerability in Rockwellautomation Controllogix Controllers with a CVSS 2.0 base score of 8.5. Its EPSS exploit-prediction score of 28% places it in the 98th percentile, indicating an elevated likelihood of exploitation. The underlying weakness is classified as CWE-284.

Key facts

Description

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s configuration and network parameters, a DoS condition can occur. This situation could cause loss of availability and a disruption of communication with other connected devices.  Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Frequently asked questions

What is CVE-2012-6439?
When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s configuration and network parameters, a DoS condition can occur. This situation could cause loss of availability and a disruption of communication with other connected devices.  Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400
How severe is CVE-2012-6439?
CVE-2012-6439 has a CVSS 2.0 base score of 8.5, rated high severity.
Is CVE-2012-6439 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 28% (98th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2012-6439?
CVE-2012-6439 primarily affects Rockwellautomation Controllogix Controllers. In total, 17 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2012-6439?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
When was CVE-2012-6439 published?
CVE-2012-6439 was published on 2013-01-24 and last updated on 2026-06-16.

References

Affected products (17)

More vulnerabilities in Rockwellautomation Controllogix Controllers

All CVEs affecting Rockwellautomation Controllogix Controllers →

Other CWE-284 (Improper Access Control) vulnerabilities

Browse all CWE-284 (Improper Access Control) vulnerabilities →