Filtered by vendor Rockwellautomation
Subscribe
Filtered by product Micrologix 1400 B Firmware
Subscribe
Search
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6984 | 1 Rockwellautomation | 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable. | |||||
| CVE-2020-6988 | 1 Rockwellautomation | 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials. | |||||
| CVE-2017-12093 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability. | |||||
| CVE-2017-12089 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can send an unauthenticated packet to trigger this vulnerability. | |||||
| CVE-2017-12092 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2018-08-01 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an unauthenticated packet to trigger this vulnerability. | |||||
| CVE-2017-12088 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2018-05-18 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability | |||||
| CVE-2017-12090 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2018-05-15 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability. | |||||