First published: Wed Mar 28 2018
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.

Required Keyswitch State: REMOTE or PROG or RUN

Description: The value 0xffffffff is considered NaN for the Float data type. When a float is set to this value and used in the PLC, a fault is triggered. NOTE: This is not possible through RSLogix.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Micrologix 1400 B Firmware | <=21.2 | |
Rockwellautomation Micrologix 1400 | | |
CVE-2017-14470 is an access control vulnerability in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before.
CVE-2017-14470 has a severity rating of 9.8 (critical).
The affected software for CVE-2017-14470 is Rockwellautomation Micrologix 1400 B Firmware, versions up to and including 21.2.
CVE-2017-14470 is an access control vulnerability that can be exploited through a specially crafted packet to perform unauthorized read or write operations, potentially leading to the disclosure of sensitive information or modification of data.
You can find more information about CVE-2017-14470 at the following link: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443