First published: Fri Dec 07 2018(Updated: )
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Micrologix 1400 Firmware | ||
Rockwellautomation Micrologix 1400 | ||
Rockwellautomation 1756-enbt Firmware | ||
Rockwellautomation 1756-enbt | ||
Rockwellautomation 1756-eweb Series A Firmware | ||
Rockwellautomation 1756-eweb Series A | ||
Rockwellautomation 1756-eweb Series B Firmware | ||
Rockwellautomation 1756-eweb Series B | ||
Rockwellautomation 1756-en2f Series A Firmware | ||
Rockwellautomation 1756-en2f Series A | ||
Rockwellautomation 1756-en2f Series B Firmware | ||
Rockwellautomation 1756-en2f Series B | ||
Rockwellautomation 1756-en2f Series C Firmware | <=10.10 | |
Rockwellautomation 1756-en2f Series C | ||
Rockwellautomation 1756-en2t Series A Firmware | ||
Rockwellautomation 1756-en2t Series A | ||
Rockwellautomation 1756-en2t Series B Firmware | ||
Rockwellautomation 1756-en2t Series B | ||
Rockwellautomation 1756-en2t Series C Firmware | ||
Rockwellautomation 1756-en2t Series C | ||
Rockwellautomation 1756-en2t Series D Firmware | <=10.10 | |
Rockwellautomation 1756-en2t Series D | ||
Rockwellautomation 1756-en2tr Series A Firmware | ||
Rockwellautomation 1756-en2tr Series A | ||
Rockwellautomation 1756-en2tr Series B Firmware | ||
Rockwellautomation 1756-en2tr Series B | ||
Rockwellautomation 1756-en2tr Series C Firmware | <=10.10 | |
Rockwellautomation 1756-en2tr Series C | ||
Rockwellautomation 1756-en3tr Series A Firmware | ||
Rockwellautomation 1756-en3tr Series A | ||
Rockwellautomation 1756-en3tr Series B Firmware | <=10.10 | |
Rockwellautomation 1756-en3tr Series B |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-17924 is a vulnerability that affects Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules.
CVE-2018-17924 allows an unauthenticated remote attacker to send a new IP configuration to affected devices even if the controller is non-configurable.
CVE-2018-17924 has a severity score of 8.6 (high).
Yes, CVE-2018-17924 can be exploited remotely by an unauthenticated threat actor.
Apply the appropriate security patches and updates provided by Rockwell Automation to address CVE-2018-17924.