nessus
This script is Copyright (C) 2015-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
SCADA_ROCKWELL_MICROLOGIX_1100_PLC_DOS_470154.NBIN
History: Jul 07, 2015 - 12:00 a.m.

Rockwell Automation MicroLogix 1100 PLC < Series B FRN 13.0 Multiple Vulnerabilities

www.tenable.com

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.029 Low
Percentile: 90.8%

The firmware version of the Rockwell Automation MicroLogix 1100 PLC integrated web server is prior to Series B FRN 13.0. It is, therefore, affected by multiple vulnerabilities:

  • An improper access control vulnerability exists when sending a ‘stop’ command, which causes a denial of service condition leaving the device in an unresponsive state, resulting in a loss of availability for any device connected to the MicroLogix 1100 PLC. (CVE-2012-6435)

  • An improper validation vulnerability exists when the device attempts to parse a CIP packet sent to affected ports, which causes a buffer overflow that crashes the device’s CPU, resulting in a loss of availability for any device connected to the MicroLogix 1100 PLC. (CVE-2012-6436)

  • An improper authentication vulnerability exists in the module providing source and data authentication, which can allow a remote attacker to upload an arbitrary firmware image to the Ethernet card, resulting in the execution of code or causing a denial of service and a loss of availability for any device connected to the MicroLogix 1100 PLC. (CVE-2012-6437)

  • An improper validation vulnerability exists when the device attempts to parse a malformed CIP packet, which causes an overflow condition in the network interface card (NIC), resulting in a denial of service condition and a loss of availability for any device connected to the MicroLogix 1100 PLC. (CVE-2012-6438)

  • An improper access control vulnerability exists when parsing a CIP message that changes the device’s network or configuration parameters, resulting in a denial of service condition and a loss of communication for any device connected to the MicroLogix 1100 PLC. (CVE-2012-6439)

  • An information exposure vulnerability exists when sending a ‘dump’ command, which results in the improper disclosure of boot code information from the MicroLogix 1100 PLC. (CVE-2012-6441)

  • An improper access control vulnerability exists when sending a ‘reset’ command, which causes a denial of service condition leaving the device in an unresponsive state, resulting in a loss of availability for any device connected to the MicroLogix 1100 PLC. (CVE-2012-6442)

Binary data scada_rockwell_micrologix_1100_plc_dos_470154.nbin
Vendor: rockwellautomation
Product: micrologix
Version: 1100
CPE: cpe:/a:rockwellautomation:micrologix:1100

