First published: Thu Apr 05 2018
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.

Required Keyswitch State: REMOTE or PROG

Associated Fault Code: 0001

Fault Type: Non-User

Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Micrologix 1400 B Firmware | <=21.2 | |
Rockwellautomation Micrologix 1400 | | |
The vulnerability ID for this vulnerability is CVE-2017-14464.
The severity of CVE-2017-14464 is critical with a score of 9.8.
The affected software for CVE-2017-14464 is Allen Bradley Micrologix 1400 Series B FRN 21.2 and before.
CVE-2017-14464 can potentially lead to disclosure of sensitive information or modification of data.
To mitigate the vulnerability, it is recommended to update to a version of Allen Bradley Micrologix 1400 Series B firmware later than 21.2.