CVE-2017-14464
https://notcve.org/view.php?id=CVE-2017-14464
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed. Existe una vulnerabilidad explotable de control de acceso en las funcionalidades data, program y function file de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. Un paquete especialmente manipulado puede provocar una operación de lectura o escritura que resulta en la revelación de información sensible, modificación de opciones o modificación de la lógica de escala. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVE-2017-12090
https://notcve.org/view.php?id=CVE-2017-12090
An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability. Existe una vulnerabilidad explotable de denegación de servicio (DoS) en el procesamiento de comandos snmp-set de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. Una petición snmp-set especialmente manipulada, cuando se envía sin comandos snmp-set asociados al flasheo de firmware, puede provocar un ciclo de energía del dispositivo que resulta en tiempo de inactividad para el dispositivo. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0442 • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-12093
https://notcve.org/view.php?id=CVE-2017-12093
An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability. Existe una vulnerabilidad explotable de denegación de servicio (DoS) en la funcionalidad de comunicación de sesión de Allen Bradley Micrologix 1400 Series B Firmware, en versiones 21.2 y anteriores. Un flujo de paquetes especialmente manipulado puede provocar la inundación del pool de recursos de sesión que resulta en conexiones legítimas al PCL que se está desconectando. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445 • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-14471
https://notcve.org/view.php?id=CVE-2017-14471
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Codes: 0023, 002e, and 0037 Fault Type: Recoverable Description: The STI, EII, and HSC function files contain bits signifying whether or not a fault has occurred. Additionally there is a bit signaling the module to auto start. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •
CVE-2017-14472
https://notcve.org/view.php?id=CVE-2017-14472
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Requests a specific set of bytes from an undocumented data file and returns the ASCII version of the master password. Existe una vulnerabilidad explotable de control de acceso en las funcionalidades data, program y function file de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 •