SB2018032825 - Multiple vulnerabilities in Rockwell Automation MicroLogix
Published: March 28, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 vulnerabilities.
1) Improper authentication (CVE-ID: CVE-2017-12088)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the Ethernet functionality due to improper authentication. A remote attacker can submit a specially crafted packet and cause the service to crash.
2) Improper authentication (CVE-ID: CVE-2017-12089)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the program download functionality due to improper authentication. A remote attacker can submit a specially crafted packet that does not indicate the download is complete to the controller during the standard download process and cause the service to crash.
3) Improper authentication (CVE-ID: CVE-2017-12090)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the processing of snmp-set commands due to improper authentication. A remote attacker can submit a specially crafted snmp-set request without associated SNMP-set commands for firmware flashing and cause the service to crash.
4) Improper authentication (CVE-ID: N/A)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper authentication. A remote attacker can submit a specially crafted packet and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
5) Improper authentication (CVE-ID: CVE-2017-12092)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote unauthenticated attacker to write arbitrary files on the target system.
The weakness exists in the memory module functionality due to improper authentication. A remote attacker can submit a specially crafted packet and write arbitrary files.
6) Improper authentication (CVE-ID: CVE-2017-12093)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the session communication functionality due to improper authentication. A remote attacker can submit a specially crafted stream of packets that trigger a flood of the session resource pool and cause the service to crash.
Remediation
Install update from vendor's website.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0440
- https://ics-cert.us-cert.gov/advisories/ICSA-18-095-01
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0441
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0442
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0444
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445