// For flags

CVE-2017-12090

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability.

Existe una vulnerabilidad explotable de denegación de servicio (DoS) en el procesamiento de comandos snmp-set de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. Una petición snmp-set especialmente manipulada, cuando se envía sin comandos snmp-set asociados al flasheo de firmware, puede provocar un ciclo de energía del dispositivo que resulta en tiempo de inactividad para el dispositivo. Un atacante puede enviar un paquete para provocar esta vulnerabilidad.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-07-31 CVE Reserved
  • 2018-04-05 CVE Published
  • 2024-02-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Rockwellautomation
Search vendor "Rockwellautomation"
Micrologix 1400 B Firmware
Search vendor "Rockwellautomation" for product "Micrologix 1400 B Firmware"
<= 21.2
Search vendor "Rockwellautomation" for product "Micrologix 1400 B Firmware" and version " <= 21.2"
-
Affected
in Rockwellautomation
Search vendor "Rockwellautomation"
Micrologix 1400
Search vendor "Rockwellautomation" for product "Micrologix 1400"
--
Safe