CVE-2017-14472
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Requests a specific set of bytes from an undocumented data file and returns the ASCII version of the master password.
Existe una vulnerabilidad explotable de control de acceso en las funcionalidades data, program y function file de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. Un paquete especialmente manipulado puede provocar una operación de lectura o escritura que resulta en la revelación de información sensible, modificación de opciones o modificación de la lógica de escala. Un atacante puede enviar paquetes sin autenticación para provocar esta vulnerabilidad. Estado de Keyswitch requerido: Cualquiera. Descripción: Solicita un conjunto específico de bytes de un archivo de datos no documentado y devuelve la versión en ASCII de la contraseña maestra.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-09-13 CVE Reserved
- 2018-04-05 CVE Published
- 2023-07-08 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 | 2024-09-16 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rockwellautomation Search vendor "Rockwellautomation" | Micrologix 1400 B Firmware Search vendor "Rockwellautomation" for product "Micrologix 1400 B Firmware" | <= 21.2 Search vendor "Rockwellautomation" for product "Micrologix 1400 B Firmware" and version " <= 21.2" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micrologix 1400 Search vendor "Rockwellautomation" for product "Micrologix 1400" | - | - |
Safe
|