First published: Thu Feb 24 2022(Updated: )
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation 1734-aentr Point I\/o Dual Port Network Adaptor Series B Firmware | >=4.001<=4.005 | |
Rockwellautomation 1734-aentr Point I\/o Dual Port Network Adaptor Series B Firmware | >=5.011<=5.017 | |
Rockwellautomation 1734-aentr Point I\/o Dual Port Network Adaptor Series B | ||
Rockwellautomation 1734-aentr Point I\/o Dual Port Network Adaptor Series C Firmware | =6.011 | |
Rockwellautomation 1734-aentr Point I\/o Dual Port Network Adaptor Series C Firmware | =6.012 | |
Rockwellautomation 1734-aentr Point I\/o Dual Port Network Adaptor Series C | ||
Rockwell Automation Series B, Versions 4.001 to 4.005, and 5.011 to 5.017 | ||
Rockwell Automation Series C, Versions 6.011 and 6.012 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.