CVSS: 10.0EPSS: 42%CPEs: 2EXPL: 1CVE-2017-14473
https://notcve.org/view.php?id=CVE-2017-14473
05 Apr 2018 — An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Reads the encoded ladder logic from its d... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-12090
https://notcve.org/view.php?id=CVE-2017-12090
05 Apr 2018 — An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability. Existe una vulnerabilidad explotable de denegación de servicio (DoS) en el procesamiento de comandos snmp-set de Alle... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0442 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 3%CPEs: 2EXPL: 1CVE-2017-12093
https://notcve.org/view.php?id=CVE-2017-12093
05 Apr 2018 — An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability. Existe una vulnerabilidad explotable de denegación de servicio (DoS) en la funcionalidad de comunicación de se... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 42%CPEs: 2EXPL: 1CVE-2017-14468
https://notcve.org/view.php?id=CVE-2017-14468
05 Apr 2018 — An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: This ability is leveraged in a... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 1CVE-2017-12088
https://notcve.org/view.php?id=CVE-2017-12088
05 Apr 2018 — An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability Existe una vulnerabilidad explotable de denegación de servicio (DoS) en la funcionalidad Ethernet de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y ante... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0440 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 42%CPEs: 2EXPL: 1CVE-2017-14470
https://notcve.org/view.php?id=CVE-2017-14470
05 Apr 2018 — An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG or RUN Description: The value 0xffffffff is... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVSS: 10.0EPSS: 37%CPEs: 2EXPL: 1CVE-2017-14465
https://notcve.org/view.php?id=CVE-2017-14465
05 Apr 2018 — An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output can be forced, cau... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVSS: 10.0EPSS: 42%CPEs: 2EXPL: 1CVE-2017-14472
https://notcve.org/view.php?id=CVE-2017-14472
05 Apr 2018 — An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Requests a specific set of bytes from an ... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6490
https://notcve.org/view.php?id=CVE-2015-6490
28 Oct 2015 — Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento del buffer basado en pila en los dispositivos Allen-Bradley MicroLogix 1100 en versiones anteriores a B FRN 15.000 y dispositivos 1400 hasta la versión B FRN 15.003 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6486
https://notcve.org/view.php?id=CVE-2015-6486
28 Oct 2015 — SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección de SQL en dispositivos Allen-Bradley MicroLogix 1100 en versiones anteriores a B FRN 15.000 y dispositivos 1400 en versiones anteriores a B FRN 15.003 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •