Page 4 of 34 results (0.007 seconds)

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values. Existe una vulnerabilidad explotable de control de acceso en las funcionalidades data, program y function file de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •

CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 1

An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability Existe una vulnerabilidad explotable de denegación de servicio (DoS) en la funcionalidad Ethernet de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. Un paquete especialmente manipulado puede provocar un ciclo de energía del dispositivo, lo que resulta en un estado de error y la eliminación de la lógica de escala. Un atacante puede enviar un paquete sin autenticación para provocar esta vulnerabilidad. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0440 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG (also RUN for some) Description: Allows an attacker to enable SNMP, Modbus, DNP, and any other features in the channel configuration. Also allows attackers to change network parameters, such as IP address, name server, and domain name. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed. Existe una vulnerabilidad explotable de control de acceso en las funcionalidades data, program y function file de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. Un paquete especialmente manipulado puede provocar una operación de lectura o escritura que resulta en la revelación de información sensible, modificación de opciones o modificación de la lógica de escala. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability. Existe una vulnerabilidad explotable de denegación de servicio (DoS) en el procesamiento de comandos snmp-set de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. Una petición snmp-set especialmente manipulada, cuando se envía sin comandos snmp-set asociados al flasheo de firmware, puede provocar un ciclo de energía del dispositivo que resulta en tiempo de inactividad para el dispositivo. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0442 • CWE-400: Uncontrolled Resource Consumption •