563 matches found
Information Disclosure Vulnerability in Multiple Rockwell Automation Products
Rockwell Automation Allen-Bradley MicroLogix 1100 1763-L16AWA Series A and others are programmable logic controller PLC products from Rockwell Automation. An information disclosure vulnerability exists in multiple Rockwell Automation products. An attacker could exploit this vulnerability to recov...
Rockwell Automation MicroLogix 1100 Controllers
CVSS v3 7.5 Vendor: Rockwell Automation Equipment: MicroLogix 1100 Controllers Vulnerability: Improper Input Validation REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on May 18, 2017, and is being released to the NCCIC/ICS-CERT web site. AFFECTED PRODUCTS The followi...
CVE-2016-9334
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD,...
CVE-2016-9338
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD,...
CVE-2016-9334
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD,...
CVE-2016-9338
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD,...
Design/Logic Flaw
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD,...
Code injection
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD,...
CVE-2016-9338
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD,...
CVE-2016-9334
CVE-2016-9334 affects Rockwell Automation Allen-Bradley MicroLogix 1100/1400 PLCs. The issue is cleartext transmission of credentials over the device web server, making credentials observable to anyone monitoring traffic. Affected MicroLogix 1100 controllers include 1763-L16AWA, 1763-L16BBB, 1763...
CVE-2016-9338
CVE-2016-9338 affects Rockwell Automation Allen‑Bradley MicroLogix 1100 controllers (1763-L16AWA/BBA/BWA/DWD, Series A/B, prior to firmware 15.000 for 1100 Series B; and related 1400 variants) due to an Incorrect Permission Assignment for a Critical Resource . This design flaw allows administrato...
Rockwell Automation MicroLogix 1100 and 1400 Denial of Service Vulnerability
Rockwell Automation is a British company that provides industrial automation control and globalized information. the MicroLogix 1100 and 1400 series products are used in food, agriculture, and water and wastewater systems, to name a few. A denial of service vulnerability exists in Rockwell...
Rockwell Automation MicroLogix 1100 and 1400 Unauthorized Access Vulnerability
Rockwell Automation is a British company that provides industrial automation control and globalized information. the MicroLogix 1100 and 1400 series products are used in food, agriculture, and water and wastewater systems, among other applications. An unauthorized access vulnerability exists in...
Rockwell Automation MicroLogix 1100 and 1400 Vulnerabilities
OVERVIEW This advisory was originally posted to the NCCIC Portal library on December 1, 2016, and is being released to the NCCIC/ICS-CERT web site. Alexey Osipov and Ilya Karpov of Positive Technologies have identified vulnerabilities in Rockwell Automation’s Allen-Bradley MicroLogix 1100 and 140...
CVE-2016-5645
Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community...
Hardcoded credentials
Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community...
CVE-2016-5645
Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community...
CVE-2016-5645
Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community...
CVE-2016-5645
The provided Connected documents confirm a concrete issue: Rockwell Automation MicroLogix 1400 PLCs (models 1766-L32BWA/AWA/BXB/WAA, 1766-L32BXBA etc.) expose an undocumented privileged SNMP community string (“wheel”) alongside standard public/private, granting read/write access. This enables rem...
Rockwell Automation MicroLogix Remote Code Execution (CVE-2016-5645)
A remote code execution vulnerability exists in Rockwell Automation MicroLogix. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...