Lucene search

TalosCVE-2017-12088

HistoryApr 05, 2018 - 9:29 p.m.

CVE-2017-12088

2018-04-0521:29:00

CWE-20

talos

web.nvd.nist.gov

cve-2017-12088

ethernet

allen bradley

micrologix 1400

denial of service

vulnerability

nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

45.3%

JSON

An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability

Affected configurations

Nvd

Vulners

Node

rockwellautomationmicrologix_1400_b_firmwareRange≤21.2

AND

rockwellautomationmicrologix_1400Match-

VendorProductVersionCPE
rockwellautomationmicrologix_1400_b_firmware*cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*
rockwellautomationmicrologix_1400-cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rockwellautomation	micrologix_1400_b_firmware	*	cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware::::::::
rockwellautomation	micrologix_1400	-	cpe:2.3:h:rockwellautomation:micrologix_1400:-:::::::*

CNA Affected

[
  {
    "product": "Allen Bradley",
    "vendor": "Talos",
    "versions": [
      {
        "status": "affected",
        "version": "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15"
      }
    ]
  }
]