Lucene search

TalosCVE-2017-12089

HistoryApr 05, 2018 - 9:29 p.m.

CVE-2017-12089

2018-04-0521:29:00

talos

web.nvd.nist.gov

cve-2017-12089

allen bradley

micrologix 1400

dos

denial of service

vulnerability

nvd

device fault

unauthenticated packet

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

30.3%

JSON

An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can send an unauthenticated packet to trigger this vulnerability.

Affected configurations

Nvd

Vulners

Node

rockwellautomationmicrologix_1400_b_firmwareRange≤21.2

AND

rockwellautomationmicrologix_1400Match-

VendorProductVersionCPE
rockwellautomationmicrologix_1400_b_firmware*cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*
rockwellautomationmicrologix_1400-cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rockwellautomation	micrologix_1400_b_firmware	*	cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware::::::::
rockwellautomation	micrologix_1400	-	cpe:2.3:h:rockwellautomation:micrologix_1400:-:::::::*

CNA Affected

[
  {
    "product": "Allen Bradley",
    "vendor": "Talos",
    "versions": [
      {
        "status": "affected",
        "version": "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15"
      }
    ]
  }
]