CVE-2017-14467
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Live rung edits are able to be made by an unauthenticated user allowing for addition, deletion, or modification of existing ladder logic. Additionally, faults and cpu state modification can be triggered if specific ladder logic is used.
Existe una vulnerabilidad explotable de control de acceso en las funcionalidades data, program y function file de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. Un paquete especialmente manipulado puede provocar una operación de lectura o escritura que resulta en la revelación de información sensible, modificación de opciones o modificación de la lógica de escala. Un atacante puede enviar paquetes sin autenticación para provocar esta vulnerabilidad. Estado de Keyswitch requerido: REMOTE. Descripción: Un usuario no autenticado puede realizar ediciones live rung, lo que permite la adición, eliminación o modificación de la lógica de escala existente. Adicionalmente, puede desencadenarse la modificación de errores y del estado de la cpu si se emplea lógica de escala.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-09-13 CVE Reserved
- 2018-04-05 CVE Published
- 2023-07-08 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 | 2024-09-16 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rockwellautomation Search vendor "Rockwellautomation" | Micrologix 1400 B Firmware Search vendor "Rockwellautomation" for product "Micrologix 1400 B Firmware" | <= 21.2 Search vendor "Rockwellautomation" for product "Micrologix 1400 B Firmware" and version " <= 21.2" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micrologix 1400 Search vendor "Rockwellautomation" for product "Micrologix 1400" | - | - |
Safe
|