CVE-2016-9343

Name: CVE-2016-9343
Creator: NVD / NIST
Published: 2017-02-13T21:59:01.707+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 10/10EPSS 10.49%

Last modified Jun 17, 2026

CVE-2016-9343 is a critical-severity vulnerability rated 10/10 on the CVSS scale. An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.. EPSS estimates a 10.49% chance of exploitation in the next 30 days.

Description

An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.

Metrics

CVSS 3.1

10/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Probability

10.49%

95.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-787

Affected Software

Vendor	Product	Versions
Rockwellautomation	Softlogix 5800 Controller Firmware	18.00
Rockwellautomation	Softlogix 5800 Controller Firmware	19.00
Rockwellautomation	Softlogix 5800 Controller Firmware	20.00
Rockwellautomation	Softlogix 5800 Controller Firmware	21.00
Rockwellautomation	Rslogix Emulate 5000 Firmware	18.00
Rockwellautomation	Rslogix Emulate 5000 Firmware	19.00
Rockwellautomation	Rslogix Emulate 5000 Firmware	20.00
Rockwellautomation	Rslogix Emulate 5000 Firmware	21.00
Rockwellautomation	Guardlogix 5570 Controller Firmware	16.00
Rockwellautomation	Guardlogix 5570 Controller Firmware	17.00
Rockwellautomation	Guardlogix 5570 Controller Firmware	18.00
Rockwellautomation	Guardlogix 5570 Controller Firmware	19.00
Rockwellautomation	Guardlogix 5570 Controller Firmware	20.00
Rockwellautomation	Guardlogix 5570 Controller Firmware	20.010
Rockwellautomation	Guardlogix 5570 Controller Firmware	20.017
Rockwellautomation	Guardlogix 5570 Controller Firmware	21.00
Rockwellautomation	Flexlogix L34 Controller Firmware	16.00
Rockwellautomation	Controllogix L55 Controller Firmware	16.00
Rockwellautomation	Controllogix L55 Controller Firmware	16.020
Rockwellautomation	Controllogix L55 Controller Firmware	16.022
Rockwellautomation	Controllogix 5570 Redundant Controller Firmware	20.00
Rockwellautomation	Controllogix 5570 Redundant Controller Firmware	20.050
Rockwellautomation	Controllogix 5570 Redundant Controller Firmware	20.055
Rockwellautomation	Controllogix 5570 Redundant Controller Firmware	21.00
Rockwellautomation	Controllogix 5570 Controller Firmware	18.00
Rockwellautomation	Controllogix 5570 Controller Firmware	19.00
Rockwellautomation	Controllogix 5570 Controller Firmware	20.010
Rockwellautomation	Controllogix 5570 Controller Firmware	20.013
Rockwellautomation	Controllogix 5570 Controller Firmware	21.00
Rockwellautomation	Controllogix 5560 Redundant Controller Firmware	16.00
Rockwellautomation	Controllogix 5560 Redundant Controller Firmware	19.00
Rockwellautomation	Controllogix 5560 Redundant Controller Firmware	20.00
Rockwellautomation	Controllogix 5560 Redundant Controller Firmware	20.050
Rockwellautomation	Controllogix 5560 Redundant Controller Firmware	20.055
Rockwellautomation	Controllogix 5560 Controller Firmware	16.00
Rockwellautomation	Controllogix 5560 Controller Firmware	16.020
Rockwellautomation	Controllogix 5560 Controller Firmware	16.022
Rockwellautomation	Controllogix 5560 Controller Firmware	17.00
Rockwellautomation	Controllogix 5560 Controller Firmware	18.00
Rockwellautomation	Controllogix 5560 Controller Firmware	19.00
Rockwellautomation	Controllogix 5560 Controller Firmware	20.00
Rockwellautomation	Controllogix 5560 Controller Firmware	20.010
Rockwellautomation	Controllogix 5560 Controller Firmware	20.013
Rockwellautomation	1769 Compactlogix L3x Controller Firmware	16.00
Rockwellautomation	1769 Compactlogix L3x Controller Firmware	16.020
Rockwellautomation	1769 Compactlogix L3x Controller Firmware	16.023
Rockwellautomation	1769 Compactlogix L3x Controller Firmware	17.00
Rockwellautomation	1769 Compactlogix L3x Controller Firmware	18.00
Rockwellautomation	1769 Compactlogix L3x Controller Firmware	19.00
Rockwellautomation	1769 Compactlogix L3x Controller Firmware	20.00

Showing 50 of 85 affected configurations. See NVD for the full list.

References

http://www.securityfocus.com/bid/95304Third Party Advisory, VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/95304Third Party Advisory, VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05Third Party Advisory, US Government Resource

Timeline

Published: Feb 13, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-9343?

How severe is CVE-2016-9343?

CVE-2016-9343 has a CVSS score of 10/10 (CRITICAL severity). The EPSS model estimates a 10.49% probability of exploitation in the next 30 days.

How do I fix CVE-2016-9343?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-9343?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST