Risk | High |
Patch available | YES |
Number of vulnerabilities | 6 |
CVE-ID | CVE-2017-12088 CVE-2017-12089 CVE-2017-12090 CVE-2017-12092 CVE-2017-12093 |
CWE-ID | CWE-287 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Allen-Bradley MicroLogix 1400 (Hardware solutions / Office equipment, IP-phones, print servers) |
Vendor | Rockwell Automation |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU11605
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12088
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.
The weakness exists in the Ethernet functionality due to improper authentication. A remote attacker can submit a specially crafted packet and cause the service to crash.
Install the update from the vendor's website.
Vulnerable software versions
Allen-Bradley MicroLogix 1400: B FRN 21.0 - B FRN 21.2
http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0440
http://ics-cert.us-cert.gov/advisories/ICSA-18-095-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11606
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12089
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.
The weakness exists in the program download functionality due to improper authentication. A remote attacker can submit a specially crafted packet that does not indicate the download is complete to the controller during the standard download process and cause the service to crash.
Install the update from the vendor's website.
Vulnerable software versions
Allen-Bradley MicroLogix 1400: B FRN 21.0 - B FRN 21.2
http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0441
http://ics-cert.us-cert.gov/advisories/ICSA-18-095-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11607
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12090
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.
The weakness exists in the processing of snmp-set commands due to improper authentication. A remote attacker can submit a specially crafted snmp-set request without associated SNMP-set commands for firmware flashing and cause the service to crash.
Install the update from the vendor's website.
Vulnerable software versions
Allen-Bradley MicroLogix 1400: B FRN 21.0 - B FRN 21.2
http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0442
http://ics-cert.us-cert.gov/advisories/ICSA-18-095-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11608
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper authentication. A remote attacker can submit a specially crafted packet and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Install the update from the vendor's website.
Vulnerable software versions
Allen-Bradley MicroLogix 1400: B FRN 21.0 - B FRN 21.2
http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443
http://ics-cert.us-cert.gov/advisories/ICSA-18-095-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11609
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12092
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to write arbitrary files on the target system.
The weakness exists in the memory module functionality due to improper authentication. A remote attacker can submit a specially crafted packet and write arbitrary files.
Install the update from the vendor's website.
Vulnerable software versions
Allen-Bradley MicroLogix 1400: B FRN 21.0 - B FRN 21.2
http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0444
http://ics-cert.us-cert.gov/advisories/ICSA-18-095-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11610
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12093
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.
The weakness exists in the session communication functionality due to improper authentication. A remote attacker can submit a specially crafted stream of packets that trigger a flood of the session resource pool and cause the service to crash.
Install the update from the vendor's website.
Vulnerable software versions
Allen-Bradley MicroLogix 1400: B FRN 21.0 - B FRN 21.2
http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445
http://ics-cert.us-cert.gov/advisories/ICSA-18-095-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.