CVE-2017-14465
https://notcve.org/view.php?id=CVE-2017-14465
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output can be forced, causing unpredictable activity from the PLC. Existe una vulnerabilidad explotable de control de acceso en las funcionalidades data, program y function file de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVE-2017-12089
https://notcve.org/view.php?id=CVE-2017-12089
An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can send an unauthenticated packet to trigger this vulnerability. Existe una vulnerabilidad explotable de denegación de servicio (DoS) en la funcionalidad de descarga de programas de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. Un paquete especialmente manipulado puede provocar un error en el dispositivo, lo que resulta en la interrupción de las operaciones. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0441 •
CVE-2017-14463
https://notcve.org/view.php?id=CVE-2017-14463
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values. Existe una vulnerabilidad explotable de control de acceso en las funcionalidades data, program y function file de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVE-2017-12088
https://notcve.org/view.php?id=CVE-2017-12088
An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability Existe una vulnerabilidad explotable de denegación de servicio (DoS) en la funcionalidad Ethernet de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. Un paquete especialmente manipulado puede provocar un ciclo de energía del dispositivo, lo que resulta en un estado de error y la eliminación de la lógica de escala. Un atacante puede enviar un paquete sin autenticación para provocar esta vulnerabilidad. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0440 • CWE-20: Improper Input Validation •
CVE-2017-14462
https://notcve.org/view.php?id=CVE-2017-14462
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG (also RUN for some) Description: Allows an attacker to enable SNMP, Modbus, DNP, and any other features in the channel configuration. Also allows attackers to change network parameters, such as IP address, name server, and domain name. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •