RnaUtility.dll in RsvcHost.exe 126.96.36.199 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field.
RSLogix is prone to a denial-of-service vulnerability.Attackers can exploit this issue to crash the application, denying service to legitimate users. RSLogix 5000 is vulnerable. Other versions may also be affected.
Vendor updates are available. Please contact the vendor for more information.
Exploit code is available. Please see the references for information.