CRITICAL🇬🇧 English

CVE-2017-14464

CVSS 9.8v3.1pub. 2018-04-05upd. 2024-11-21

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Rockwellautomation Micrologix 1400

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micrologix 1400 B Firmware

    OS
    Rockwellautomation
    ≤ 21.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-6990CRITICAL9.8ten sam produkt

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix...

CVE-2017-14466CRITICAL9.8ten sam produkt

An exploitable access control vulnerability exists in the data, program, and function file permissions functio...

CVE-2017-14462CRITICAL9.8ten sam produkt

An exploitable access control vulnerability exists in the data, program, and function file permissions functio...

CVE-2017-14463CRITICAL9.8ten sam produkt

An exploitable access control vulnerability exists in the data, program, and function file permissions functio...

CVE-2017-14465CRITICAL9.8ten sam produkt

An exploitable access control vulnerability exists in the data, program, and function file permissions functio...

CVE-2017-14464 — CRITICAL 9.8 | CVEbaza.pl