CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%
The Rockwell Automation MicroLogix 1100 PLC integrated web server has a firmware version that is prior to Series B FRN 13.0. It is, therefore, affected by multiple vulnerabilities :
An improper access control vulnerability exists when sending a ‘stop’ command, which causes a denial of service condition leaving the device in an unresponsive state, resulting in a loss of availability for any device connected to the MicroLogix 1100 PLC.
(CVE-2012-6435)
An improper validation vulnerability exists when the device attempts to parse a CIP packet sent to affected ports, which causes a buffer overflow that crashes the device’s CPU, resulting in a loss of availability for any device connected to the MicroLogix 1100 PLC.
(CVE-2012-6436)
An improper authentication vulnerability exists in the module providing source and data authentication, which can allow a remote attacker to upload an arbitrary firmware image to the ethernet card, resulting in the execution of code or causing a denial of service and a loss of availability for any device connected to the MicroLogix 1100 PLC. (CVE-2012-6437)
An improper validation vulnerability exists when the device attempts to parse a malformed CIP packet, which causes an overflow condition in the network interface card (NIC), resulting in a denial of service condition and a loss of availability for any device connected to the MicroLogix 1100 PLC. (CVE-2012-6438)
An improper access control vulnerability exists when parsing a CIP message that changes the device’s network or configuration parameters, resulting in a denial of service condition and a loss of communication for any device connected to the MicroLogix 1100 PLC.
(CVE-2012-6439)
An information exposure vulnerability exists when sending a ‘dump’ command, which results in the improper disclosure of boot code information from the MicroLogix 1100 PLC. (CVE-2012-6441)
An improper access control vulnerability exists when sending a ‘reset’ command, which causes a denial of service condition leaving the device in an unresponsive state, resulting in a loss of availability for any device connected to the MicroLogix 1100 PLC.
(CVE-2012-6442)
Binary data scada_rockwell_micrologix_1100_plc_dos_470154.nbin
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6435
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6436
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6437
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6438
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6439
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6441
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6442
www.nessus.org/u?8764efc3
www.nessus.org/u?99ae98df
www.nessus.org/u?d41f0fc1