CVE-2017-14472
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Requests a specific set of bytes from an undocumented data file and returns the ASCII version of the master password.
Affected (1)
Products: Rockwellautomation: Micrologix 1400 B Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 21.2 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation Micrologix 1400 | All versions |
References (2)
Source: talos-cna@cisco.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Timeline
No history available yet.