CVE-2018-17924
https://notcve.org/view.php?id=CVE-2018-17924
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address. Rockwell Automation MicroLogix 1400 Controllers y 1756 ControlLogix Communications Modules. Un actor de amenaza remoto no autenticado podría enviar una petición de conexión CIP a un dispositivo afectado y, tras conectarse exitosamente, enviar una nueva configuración IP al dispositivo afectado incluso aunque el controlador en el sistema esté configurado en modo Hard RUN. Cuando el dispositivo afectado acepta esta nueva configuración IP, ocurre una pérdida de comunicación entre el dispositivo y el resto del sistema, ya que el tráfico del sistema sigue intentando comunicarse con el dispositivo mediante la dirección IP sobrescrita. • https://github.com/g0dd0ghd/CVE-2018-17924-PoC http://www.securityfocus.com/bid/106132 https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02 • CWE-306: Missing Authentication for Critical Function •
CVE-2010-2965
https://notcve.org/view.php?id=CVE-2010-2965
The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804. El servicio WDB target agent debug en Wind River VxWorks v6.x, v5.x, y anteriores, como los usados en el Rockwell Automation 1756-ENBT serie A con firmware v3.2.6 y v3.6.1 y otros productos, permiten a atacantes remotos leer o modificar a su elección direcciones de memoria, realizar llamdas a funciones, o administrar tareas a través de peticiones UDP al puerto 17185, relacionado con el comportamiento de CVE-2005-3804. • http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=69735 http://www.kb.cert.org/vuls/id/362332 http://www.kb.cert.org/vuls/id/MAPG-86EPFA http://www.kb.cert.org/vuls/id/MAPG-86FPQL https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033708 • CWE-863: Incorrect Authorization •