high
8.6
CWE
306
Advisory Published
Updated

CVE-2018-17924

First published: Fri Dec 07 2018(Updated: )

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address.

Credit: ics-cert@hq.dhs.gov

Affected SoftwareAffected VersionHow to fix
Rockwellautomation Micrologix 1400 Firmware
Rockwellautomation Micrologix 1400
Rockwellautomation 1756-enbt Firmware
Rockwellautomation 1756-enbt
Rockwellautomation 1756-eweb Series A Firmware
Rockwellautomation 1756-eweb Series A
Rockwellautomation 1756-eweb Series B Firmware
Rockwellautomation 1756-eweb Series B
Rockwellautomation 1756-en2f Series A Firmware
Rockwellautomation 1756-en2f Series A
Rockwellautomation 1756-en2f Series B Firmware
Rockwellautomation 1756-en2f Series B
Rockwellautomation 1756-en2f Series C Firmware<=10.10
Rockwellautomation 1756-en2f Series C
Rockwellautomation 1756-en2t Series A Firmware
Rockwellautomation 1756-en2t Series A
Rockwellautomation 1756-en2t Series B Firmware
Rockwellautomation 1756-en2t Series B
Rockwellautomation 1756-en2t Series C Firmware
Rockwellautomation 1756-en2t Series C
Rockwellautomation 1756-en2t Series D Firmware<=10.10
Rockwellautomation 1756-en2t Series D
Rockwellautomation 1756-en2tr Series A Firmware
Rockwellautomation 1756-en2tr Series A
Rockwellautomation 1756-en2tr Series B Firmware
Rockwellautomation 1756-en2tr Series B
Rockwellautomation 1756-en2tr Series C Firmware<=10.10
Rockwellautomation 1756-en2tr Series C
Rockwellautomation 1756-en3tr Series A Firmware
Rockwellautomation 1756-en3tr Series A
Rockwellautomation 1756-en3tr Series B Firmware<=10.10
Rockwellautomation 1756-en3tr Series B

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2018-17924?

    CVE-2018-17924 is a vulnerability that affects Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules.

  • How does CVE-2018-17924 impact Rockwell Automation devices?

    CVE-2018-17924 allows an unauthenticated remote attacker to send a new IP configuration to affected devices even if the controller is non-configurable.

  • What is the severity of CVE-2018-17924?

    CVE-2018-17924 has a severity score of 8.6 (high).

  • Is CVE-2018-17924 exploitable remotely?

    Yes, CVE-2018-17924 can be exploited remotely by an unauthenticated threat actor.

  • How can I mitigate the vulnerability CVE-2018-17924?

    Apply the appropriate security patches and updates provided by Rockwell Automation to address CVE-2018-17924.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203