Improper authentication in Allen-Bradley MicroLogix 1400 - CVE-2017-12089
Published: April 6, 2018
Vulnerability identifier: #VU11606
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12089
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Allen-Bradley MicroLogix 1400
Allen-Bradley MicroLogix 1400
Software vendor:
Rockwell Automation
Rockwell Automation
Description
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the program download functionality due to improper authentication. A remote attacker can submit a specially crafted packet that does not indicate the download is complete to the controller during the standard download process and cause the service to crash.
The weakness exists in the program download functionality due to improper authentication. A remote attacker can submit a specially crafted packet that does not indicate the download is complete to the controller during the standard download process and cause the service to crash.
Remediation
Install update from vendor's website.