#VU53593 Man-in-the-Middle (MitM) attack in Allen-Bradley MicroLogix 1400 and Micro800 - CVE-2021-32926
Published: May 26, 2021
Vulnerability identifier: #VU53593
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-32926
CWE-ID: CWE-300
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Allen-Bradley MicroLogix 1400
Micro800
Allen-Bradley MicroLogix 1400
Micro800
Software vendor:
Rockwell Automation
Rockwell Automation
Description
The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.
The vulnerability exists due to an issue when an authenticated password change request takes place. A remote attacker can intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash, leading to denial of service (DoS) condition.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.