CVE-2021-22659

Published: Mar 25, 2021Modified: Jun 3, 2026

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Exploitability: 3.9 / Impact: 4.7

Source: NVD

Description

Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a denial-of-service condition. The FAULT LED will flash RED and communications may be lost. Recovery from denial-of-service condition requires the fault to be cleared by the user.

Affected (1)

Products: Rockwellautomation: Micrologix 1400 Firmware

Rockwellautomation

1 product

Micrologix 1400 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Micrologix 1400 Firmware	Up to 21.6

Running on/with	Platform Versions
Rockwellautomation Micrologix 1400	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129877/loc/en_US#__highlight

Source: ics-cert@hq.dhs.gov

Permissions RequiredVendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-033-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129877/loc/en_US#__highlight

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-033-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.