← Back

CVE-2016-5645

nvd nist
Published: Aug 24, 2016Modified: Jun 3, 2026

JSON object

Loading...
7.3
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 / Impact: 3.4
Source: NVD

Description

Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community.

Affected (6)

Rockwellautomation
6 products
1766 L32awa
1766 L32awaa
1766 L32bwa
1766 L32bwaa
1766 L32bxb
1766 L32bxba
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
1766 L32awa
All versions
1766 L32awaa
All versions
1766 L32bwa
All versions
1766 L32bwaa
All versions
1766 L32bxb
All versions
1766 L32bxba
All versions

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

Source: cret@cert.org
Source: cret@cert.org
MitigationThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.