Improper authentication in Allen-Bradley MicroLogix 1400 - CVE-2017-12089
Published: April 6, 2018
Vulnerability identifier: #VU11606
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12089
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Rockwell Automation
Affected software:
Allen-Bradley MicroLogix 1400
Allen-Bradley MicroLogix 1400
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the program download functionality due to improper authentication. A remote attacker can submit a specially crafted packet that does not indicate the download is complete to the controller during the standard download process and cause the service to crash.
The weakness exists in the program download functionality due to improper authentication. A remote attacker can submit a specially crafted packet that does not indicate the download is complete to the controller during the standard download process and cause the service to crash.
How to mitigate CVE-2017-12089
Install update from vendor's website.