CVE-2017-16740
published 2018-01-09


Priority: P264, critical, 10 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 7.14% (93.5th percentile)
A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

Affected

6 ranges

Vendor | Product | Version range | Fixed in
rockwellautomation | 1766-l32awa_firmware | <= 21.002 |
rockwellautomation | 1766-l32awaa_firmware | <= 21.002 |
rockwellautomation | 1766-l32bwa_firmware | <= 21.002 |
rockwellautomation | 1766-l32bwaa_firmware | <= 21.002 |
rockwellautomation | 1766-l32bxb_firmware | <= 21.002 |
rockwellautomation | 1766-l32bxba_firmware | <= 21.002 |

Detection & IOCs

  • The vulnerability is exploitable via Modbus TCP communications; monitor or block unexpected Modbus TCP traffic to MicroLogix 1400 devices, treating it as an indicator of the attack vector.
  • The vulnerability is remotely exploitable with no authentication or user interaction required (AV:N/AC:L/PR:N/UI:N); any unsolicited inbound network connection to affected MicroLogix 1400 devices should be treated as suspicious.
  • Modbus TCP can be disabled on the device if not required, which mitigates the vulnerability entirely; verify whether Modbus TCP is enabled in deployments when assessing exposure.
  • No known public exploits exist for this CVE at time of advisory publication, limiting immediate threat actor exploitation risk.
  • The vulnerability is a stack-based buffer overflow (CWE-120) triggered over the network; exploitation may result in device unresponsiveness rather than confirmed code execution in all cases.

CVSS provenance

nvd | v3.0 | 10.0 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P