CVE-2017-14463
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values.
Existe una vulnerabilidad explotable de control de acceso en las funcionalidades data, program y function file de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. Un paquete especialmente manipulado puede provocar una operación de lectura o escritura que resulta en la revelación de información sensible, modificación de opciones o modificación de la lógica de escala. Un atacante puede enviar paquetes sin autenticación para provocar esta vulnerabilidad. Estado de Keyswitch requerido: REMOTE o PROG. Código de error asociado: 0012. Tipo de error: Non-User. Descripción: Se puede desencadenar un estado de error sobrescribiendo el archivo de datos de lógica de escala (tipo 0x22 número 0x02) con valores null.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-09-13 CVE Reserved
- 2018-04-05 CVE Published
- 2023-07-08 EPSS Updated
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 | 2024-09-17 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rockwellautomation Search vendor "Rockwellautomation" | Micrologix 1400 B Firmware Search vendor "Rockwellautomation" for product "Micrologix 1400 B Firmware" | <= 21.2 Search vendor "Rockwellautomation" for product "Micrologix 1400 B Firmware" and version " <= 21.2" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micrologix 1400 Search vendor "Rockwellautomation" for product "Micrologix 1400" | - | - |
Safe
|