cbcvebase.

Rockwellautomation Micrologix 1400 B Firmware vulnerabilities

22 known vulnerabilities affecting rockwellautomation/micrologix_1400_b_firmware.

Total CVEs
22
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL13HIGH6MEDIUM2LOW1

Vulnerabilities

Page 1 of 2
CVE-2017-14466P2CRITICALCVSS 9.8≤ 21.22018-04-05
CVE-2017-14466 [CRITICAL] CVE-2017-14466: An exploitable access control vulnerability exists in the data, program, and function file permissio An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An at
nvd
CVE-2017-14468P2CRITICALCVSS 9.8≤ 21.22018-04-05
CVE-2017-14468 [CRITICAL] CVE-2017-14468: An exploitable access control vulnerability exists in the data, program, and function file permissio An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An at
nvd
CVE-2017-14472P2CRITICALCVSS 9.8≤ 21.22018-04-05
CVE-2017-14472 [CRITICAL] CVE-2017-14472: An exploitable access control vulnerability exists in the data, program, and function file permissio An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An at
nvd
CVE-2017-14465P2CRITICALCVSS 9.8≤ 21.22018-04-05
CVE-2017-14465 [CRITICAL] CVE-2017-14465: An exploitable access control vulnerability exists in the data, program, and function file permissio An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An at
nvd
CVE-2017-14462P2CRITICALCVSS 9.8≤ 21.22018-04-05
CVE-2017-14462 [CRITICAL] CVE-2017-14462: An exploitable access control vulnerability exists in the data, program, and function file permissio An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An at
nvd
CVE-2017-14473P2CRITICALCVSS 9.8≤ 21.22018-04-05
CVE-2017-14473 [CRITICAL] CVE-2017-14473: An exploitable access control vulnerability exists in the data, program, and function file permissio An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An at
nvd
CVE-2017-14467P2CRITICALCVSS 9.8≤ 21.22018-04-05
CVE-2017-14467 [CRITICAL] CVE-2017-14467: An exploitable access control vulnerability exists in the data, program, and function file permissio An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An at
nvd
CVE-2017-14471P2CRITICALCVSS 9.8≤ 21.22018-04-05
CVE-2017-14471 [CRITICAL] CVE-2017-14471: An exploitable access control vulnerability exists in the data, program, and function file permissio An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An at
nvd
CVE-2017-14470P2CRITICALCVSS 9.8≤ 21.22018-04-05
CVE-2017-14470 [CRITICAL] CVE-2017-14470: An exploitable access control vulnerability exists in the data, program, and function file permissio An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An at
nvd
CVE-2017-14469P2CRITICALCVSS 9.8≤ 21.22018-04-05
CVE-2017-14469 [CRITICAL] CVE-2017-14469: An exploitable access control vulnerability exists in the data, program, and function file permissio An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An at
nvd
CVE-2017-14463P2CRITICALCVSS 9.8≤ 21.22018-04-05
CVE-2017-14463 [CRITICAL] CVE-2017-14463: An exploitable access control vulnerability exists in the data, program, and function file permissio An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An at
nvd
CVE-2017-14464P2CRITICALCVSS 9.8≤ 21.22018-04-05
CVE-2017-14464 [CRITICAL] CVE-2017-14464: An exploitable access control vulnerability exists in the data, program, and function file permissio An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An at
nvd
CVE-2020-6990P2CRITICALCVSS 9.8≤ 21.0012020-03-16
CVE-2020-6990 [CRITICAL] CWE-321 CVE-2020-6990: Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use
nvd
CVE-2020-6988P3HIGHCVSS 7.5≤ 21.0012020-03-16
CVE-2020-6988 [HIGH] CWE-603 CVE-2020-6988: Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with
nvd
CVE-2017-12089P3HIGHCVSS 7.5≤ 21.22018-04-05
CVE-2017-12089 [HIGH] CVE-2017-12089: An exploitable denial of service vulnerability exists in the program download functionality of Allen An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can send an unauthenticated packet to trigger this vulnerability.
nvd
CVE-2020-6984P3HIGHCVSS 7.5≤ 21.0012020-03-16
CVE-2020-6984 [HIGH] CWE-327 CVE-2020-6984: Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable.
nvd
CVE-2017-12092P3HIGHCVSS 7.5≤ 21.22018-06-04
CVE-2017-12092 [HIGH] CWE-200 CVE-2017-12092: An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley M An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an unauthenticated packet to trigger this vulnerability.
nvd
CVE-2017-12088P3HIGHCVSS 7.5≤ 21.22018-04-05
CVE-2017-12088 [HIGH] CWE-20 CVE-2017-12088: An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bra An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability
nvd
CVE-2017-12090P3HIGHCVSS 7.5≤ 21.22018-04-05
CVE-2017-12090 [HIGH] CWE-400 CVE-2017-12090: An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send o
nvd
CVE-2017-12093P4MEDIUMCVSS 5.3≤ 21.22018-04-05
CVE-2017-12093 [MEDIUM] CWE-400 CVE-2017-12093: An exploitable insufficient resource pool vulnerability exists in the session communication function An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unau
nvd
Rockwellautomation Micrologix 1400 B Firmware vulnerabilities | cvebase