CVSS: 10.0EPSS: 42%CPEs: 2EXPL: 1CVE-2017-14466
https://notcve.org/view.php?id=CVE-2017-14466
05 Apr 2018 — An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype 0x03 allows users... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVSS: 10.0EPSS: 61%CPEs: 2EXPL: 1CVE-2017-14467
https://notcve.org/view.php?id=CVE-2017-14467
05 Apr 2018 — An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Live rung edits are able to be made by... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVSS: 10.0EPSS: 42%CPEs: 2EXPL: 1CVE-2017-14468
https://notcve.org/view.php?id=CVE-2017-14468
05 Apr 2018 — An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: This ability is leveraged in a... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVSS: 10.0EPSS: 15%CPEs: 2EXPL: 1CVE-2017-14469
https://notcve.org/view.php?id=CVE-2017-14469
05 Apr 2018 — An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVSS: 10.0EPSS: 42%CPEs: 2EXPL: 1CVE-2017-14470
https://notcve.org/view.php?id=CVE-2017-14470
05 Apr 2018 — An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG or RUN Description: The value 0xffffffff is... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVSS: 10.0EPSS: 42%CPEs: 2EXPL: 1CVE-2017-14471
https://notcve.org/view.php?id=CVE-2017-14471
05 Apr 2018 — An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Codes: 0023, 002e, and 003... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVSS: 10.0EPSS: 42%CPEs: 2EXPL: 1CVE-2017-14472
https://notcve.org/view.php?id=CVE-2017-14472
05 Apr 2018 — An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Requests a specific set of bytes from an ... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVSS: 10.0EPSS: 42%CPEs: 2EXPL: 1CVE-2017-14473
https://notcve.org/view.php?id=CVE-2017-14473
05 Apr 2018 — An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Reads the encoded ladder logic from its d... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6486
https://notcve.org/view.php?id=CVE-2015-6486
28 Oct 2015 — SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección de SQL en dispositivos Allen-Bradley MicroLogix 1100 en versiones anteriores a B FRN 15.000 y dispositivos 1400 en versiones anteriores a B FRN 15.003 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6488
https://notcve.org/view.php?id=CVE-2015-6488
28 Oct 2015 — Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el servidor web en los dispositivos Allen-Bradley MicroLogix 1100 en versiones anteriores a B FRN 15.000 y dispositivos 1400 en versiones anteriores a B FRN 15.003 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitra... • https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •