CVE-2017-16740
published 2018-01-09CVE-2017-16740: A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The…
PriorityP264critical10CVSS 3.0
AVNACLPRNUINSCCHIHAH
EPSS
7.14%
93.5th percentile
A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | 1766-l32awa_firmware | <= 21.002 | — |
| rockwellautomation | 1766-l32awaa_firmware | <= 21.002 | — |
| rockwellautomation | 1766-l32bwa_firmware | <= 21.002 | — |
| rockwellautomation | 1766-l32bwaa_firmware | <= 21.002 | — |
| rockwellautomation | 1766-l32bxb_firmware | <= 21.002 | — |
| rockwellautomation | 1766-l32bxba_firmware | <= 21.002 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability is exploitable via Modbus TCP communications; monitor/block unexpected Modbus TCP traffic to MicroLogix 1400 devices as an attack vector indicator. ↗
- →The vulnerability is remotely exploitable with no authentication or user interaction required (AV:N/AC:L/PR:N/UI:N); any unsolicited inbound network connection to affected MicroLogix 1400 devices should be treated as suspicious. ↗
- ·Modbus TCP can be disabled on the device if not required, which mitigates the vulnerability entirely; verify whether Modbus TCP is enabled in deployments when assessing exposure. ↗
- ·No known public exploits exist for this CVE at time of advisory publication, limiting immediate threat actor exploitation risk. ↗
- ·The vulnerability is a stack-based buffer overflow (CWE-120) triggered over the network; exploitation may result in device unresponsiveness rather than confirmed code execution in all cases. ↗
CVSS provenance
nvdv3.010.0CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f8m9-fwqj-74hf: A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21
ghsa_unreviewed·2022-05-14
CVE-2017-16740 [CRITICAL] CWE-119 GHSA-f8m9-fwqj-74hf: A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21
A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
CISA ICS
Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers
cisa_ics·2018-01-09
Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers
Last RevisedJanuary 09, 2018
Alert CodeICSA-18-009-01
## CVSS v3 8.6
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Rockwell Automation
Equipment: Allen-Bradley MicroLogix 1400 Controllers
Vulnerability: Buffer Overflow
## AFFECTED PRODUCTS
The following versions of MicroLogix 1400 Controllers, a PLC, are affected:
- MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier
Rockwell Automation reports that the following catalogs are affected:
- 1766-L32AWA
- 1766-L32AWAA
-
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/102474https://ics-cert.us-cert.gov/advisories/ICSA-18-009-01https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1070883http://www.securityfocus.com/bid/102474https://ics-cert.us-cert.gov/advisories/ICSA-18-009-01https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1070883
2018-01-09
Published