Main Vulnerability Database SB2021052633

SB2021052633 - Denial of service in Rockwell Automation Micro800 and MicroLogix 1400

Published: May 26, 2021

Security Bulletin ID SB2021052633

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2021-32926)

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to an issue when an authenticated password change request takes place. A remote attacker can intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash, leading to denial of service (DoS) condition.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://ics-cert.us-cert.gov/advisories/icsa-21-145-02