CyberSec.Space Logo
Back to CVE Browser

CVE-2017-14470

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile41.45th
PublishedApr 5, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG or RUN Description: The value 0xffffffff is considered NaN for the Float data type. When a float is set to this value and used in the PLC, a fault is triggered. NOTE: This is not possible through RSLogix.

Affected Platforms (CPE)

💻
Rockwellautomation

Micrologix 1400 B Firmware

<= 21.2

References & Advisories

🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443
🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443

Related Vulnerabilities

CVE-2017-144689.8

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Brad...

CVE-2012-64379.8

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the E...

CVE-2017-120907.7

An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 ...

CVE-2016-56457.3

Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA device...