CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-12093

MEDIUM
5.3
CVSS Severity Score
EPSS Score0.0980%
EPSS Percentile35.46th
Published2018年4月5日
Last Modified2024年11月21日

Vulnerability Description

An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability.

Affected Platforms (CPE)

💻
Rockwellautomation

Micrologix 1400 B Firmware

<= 21.2

References & Advisories

🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445
🔗 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445

関連する脆弱性情報

CVE-2017-144689.8

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Brad...

CVE-2012-64379.8

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the E...

CVE-2017-120907.7

An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 ...

CVE-2016-56457.3

Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA device...