Rockwell Automation MicroLogix Improper Authentication (CVE-2017-12092)

An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an unauthenticated...

Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers URL Redirection to Untrusted Site (CVE-2019-10955)

In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers...

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules Missing Authentication For Critical Function (CVE-2018-17924)

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller...

Rockwell Automation Micrologix Improper Access Control (CVE-2017-14464)

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

Rockwell Automation MicroLogix Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2015-6492)

Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service memory corruption and device crash via a crafted HTTP request. This plugin only works with Tenable.ot. Please visit...

Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Improper Restriction of Excessive Authentication Attempts (CVE-2017-7898)

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions;...

Rockwell Automation MicroLogix Cleartext Transmission of Sensitive Information (CVE-2016-9334)

An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD,...

Rockwell Automation Micrologix Improper Access Control (CVE-2017-14467)

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

Rockwell Automation Micro800 and MicroLogix 1400 Channel Accessible By Non-Endpoint (CVE-2021-32926)

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller Micro800: Al...

Rockwell Automation MicroLogix Improper Authentication (CVE-2017-12093)

An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to...

Rockwell Automation MicroLogix Incorrect Permission Assignment for Critical Resource (CVE-2016-9338)

An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD,...

Rockwell Automation Micrologix Improper Access Control (CVE-2017-14465)

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

Rockwell Automation Micrologix Improper Access Control (CVE-2017-14470)

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

Rockwell (CVE-2015-6486)

SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. This plugin only works with Tenable.ot. Please visit...

Rockwell Automation MicroLogix Controllers and RSLogix 500 Software Use of Hard-Coded Cryptographic Key (CVE-2020-6990)

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file...

Rockwell Automation MicroLogix Improper Authentication (CVE-2017-12088)

An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one...

Rockwell Automation Allen-Bradley Micrologix 1100 Improper Handling of Length Parameter Inconsistency (CVE-2020-6111)

An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000...

Rockwell Automation ControlLogix controllers Resource Management Errors (CVE-2012-6435)

Rockwell Automation SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service control and communication outage via a CIP message that specifies a...

Rockwell Automation MicroLogix Denial Of Service (CVE-2012-4690)

Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controller platform; and PLC-5 controller platform, when Static status is not enabled, allow remote attackers to cause a denial of service via messages that trigger modification of status bits. This plugin...

Rockwell Automation Micrologix Improper Access Control (CVE-2017-14463)

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...