Vulnerabilities > CVE-2021-32926 - Unspecified vulnerability in Rockwellautomation Micro800 Firmware and Micrologix 1400 Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

rockwellautomation

NVD

Published: 2021-06-03

Updated: 2022-10-25

Summary

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition

Vulnerable Configurations

Part	Description	Count
OS	Rockwellautomation Rockwellautomation Micro800 Firmware * Rockwellautomation Micrologix 1400 Firmware 21.0 Rockwellautomation Micrologix 1400 Firmware 21.6 Rockwellautomation Micrologix 1400 Firmware 21.007	4
Hardware	Rockwellautomation Rockwellautomation Micro800 - Rockwellautomation Micrologix 1400 -	2

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02