CyberSec.Space Logo
Back to CVE Browser

CVE-2017-14472

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0260%
EPSS Percentile28.89th
PublishedApr 5, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Requests a specific set of bytes from an undocumented data file and returns the ASCII version of the master password.

Affected Platforms (CPE)

💻
Rockwellautomation

Micrologix 1400 B Firmware

<= 21.2

References & Advisories

🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443
🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443

Related Vulnerabilities

CVE-2017-144689.8

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Brad...

CVE-2012-64379.8

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the E...

CVE-2017-120907.7

An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 ...

CVE-2016-56457.3

Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA device...