Vulnerabilities > CVE-2017-14464 - Unspecified vulnerability in Rockwellautomation Micrologix 1400 B Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

rockwellautomation

critical

NVD

Published: 2018-04-05

Updated: 2022-12-14

Summary

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed.

Vulnerable Configurations

Part	Description	Count
OS	Rockwellautomation Rockwellautomation Micrologix 1400 B Firmware - Rockwellautomation Micrologix 1400 B Firmware 11.000 Rockwellautomation Micrologix 1400 B Firmware 12.001 Rockwellautomation Micrologix 1400 B Firmware 13.000 Rockwellautomation Micrologix 1400 B Firmware 13.003 Rockwellautomation Micrologix 1400 B Firmware 14.000 Rockwellautomation Micrologix 1400 B Firmware 14.002 Rockwellautomation Micrologix 1400 B Firmware 15.000 Rockwellautomation Micrologix 1400 B Firmware 15.001 Rockwellautomation Micrologix 1400 B Firmware 15.002 Rockwellautomation Micrologix 1400 B Firmware 15.003 Rockwellautomation Micrologix 1400 B Firmware 15.004 Rockwellautomation Micrologix 1400 B Firmware 15.005 Rockwellautomation Micrologix 1400 B Firmware 16.000 Rockwellautomation Micrologix 1400 B Firmware 16.001 Rockwellautomation Micrologix 1400 B Firmware 16.002 Rockwellautomation Micrologix 1400 B Firmware 21.000 Rockwellautomation Micrologix 1400 B Firmware 21.001 Rockwellautomation Micrologix 1400 B Firmware 21.002	19
Hardware	Rockwellautomation Rockwellautomation Micrologix 1400 -	1

Talos

id	TALOS-2017-0443
last seen	2019-05-29
published	2018-03-28
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443
title	Allen Bradley Micrologix 1400 Series B Unauthenticated Data/Program/Function File Improper Access Control Vulnerability

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443