Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_ROCKWELL_CVE-2017-12093.NASLHistoryFeb 07, 2022 - 12:00 a.m.
Rockwell Automation MicroLogix Improper Authentication (CVE-2017-12093)
2022-02-0700:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.6%
An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability.
- An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability. (CVE-2017-12093)
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500108);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2017-12093");
script_name(english:"Rockwell Automation MicroLogix Improper Authentication (CVE-2017-12093)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen
Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of
the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send
unauthenticated packets to trigger this vulnerability.
- An exploitable insufficient resource pool vulnerability exists in the session communication functionality
of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets
can cause a flood of the session resource pool resulting in legitimate connections to the PLC being
disconnected. An attacker can send unauthenticated packets to trigger this vulnerability. (CVE-2017-12093)
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c194dbab");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-18-095-01");
# https://www.rockwellautomation.com/en-us/support/advisory.PN1015.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9d68ca89");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Rockwell Automation has recommended that users employ the following mitigation strategies where applicable:
- Users using affected versions of MicroLogix 1100 and MicroLogix 1400 Series A are urged to contact their local
distributor or Sales Office in order to upgrade their devices to a newer product line.
- Set keyswitch to Hard Run to block any unauthorized changes
- For MicroLogix 1400 Series only, Apply FRN 21.002 or later
Rockwell Automation has provided more specific mitigations that can be found in their customer notification (KB1072942)
located at:
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1072942# (login required)");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12093");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(400);
script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/05");
script_set_attribute(attribute:"patch_publication_date", value:"2018/04/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:micrologix_1400_b_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Rockwell");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Rockwell');
var asset = tenable_ot::assets::get(vendor:'Rockwell');
var vuln_cpes = {
"cpe:/o:rockwellautomation:micrologix_1400_b_firmware" :
{"versionEndIncluding" : "21.2", "family" : "MicroLogix1400"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rockwellautomation | micrologix_1400_b_firmware | cpe:/o:rockwellautomation:micrologix_1400_b_firmware |
Related
nessus
nessus
Rockwellautomation Micrologix Uncontrolled Resource Consumption
2019-11-08 00:00:00
prion
prion
Denial of service
2018-04-05 21:29:00
nvd
nvd
CVE-2017-12093
2018-04-05 21:29:00
talos
talos
cvelist
cvelist
CVE-2017-12093
2018-03-28 00:00:00
cve
cve
CVE-2017-12093
2018-04-05 21:29:00
checkpoint_advisories
checkpoint_advisories
ics
ics
Rockwell Automation MicroLogix
2018-09-17 12:00:00
talosblog
talosblog
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.6%
Related for TENABLE_OT_ROCKWELL_CVE-2017-12093.NASL