TALOS-2020-1057 (Talos Intelligence, www.talosintelligence.com)
Published: Oct 13, 2020

Allen-Bradley MicroLogix 1100 programmable logic controller systems IPv4 denial-of-service vulnerability


CVSS v2 base score: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
  Attack Vector:          NETWORK
  Attack Complexity:      LOW
  Authentication:         NONE
  Confidentiality Impact: NONE
  Integrity Impact:       NONE
  Availability Impact:    PARTIAL

CVSS v3 base score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
  Attack Vector:          NETWORK
  Attack Complexity:      LOW
  Privileges Required:    NONE
  User Interaction:       NONE
  Scope:                  UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact:       NONE
  Availability Impact:    HIGH

EPSS: 0.001 (percentile 36.9%)

Summary

An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.

Tested Versions

Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 10.000
Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 11.000
Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 12.000
Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 13.000
Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 14.000
Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 15.000
Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 15.002
Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000

Product URLs

<https://ab.rockwellautomation.com/Programmable-Controllers/MicroLogix-1100>

CVSSv3 Score

7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-189 - Numeric Errors

Details

Rockwell Automation Allen-Bradley MicroLogix 1100 Programmable Logic Controllers (PLCs) are marketed for use in a variety of different Industrial Control System (ICS) applications and processes. As such, these devices are often relied upon for the performance of critical process control functions in many different critical infrastructure sectors.

If an ICMP packet with an invalid IPv4 total length is sent to a MicroLogix 1100 over the network, it will cause the PLC to crash and enter a fault state. This vulnerability can be triggered without authentication over a network, provided that the device is accessible over it.
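The field at issue is the 16-bit Total Length in the IPv4 header, which a receiving stack must reconcile with the header length (IHL) and with the number of bytes actually received before using it. The following Python is an added example, not code from the Talos advisory or from Rockwell Automation: a header consistency checker of the kind a receiving stack, or an IDS placed in front of the PLC, should apply, run over constructed sample datagrams (a well-formed ICMP echo request and copies whose Total Length disagrees with the datagram). All function names, addresses and identifiers in it are assumptions made for the example.

```python
"""Added example: validate the IPv4 Total Length field of a received packet.

The advisory describes a PLC that faults when an ICMP packet carries an IPv4
total length inconsistent with the datagram.  check_ipv4() performs the
consistency checks a receiving stack (or an IDS in front of the PLC) should
apply before trusting the field.  All sample packets are constructed here;
the addresses and identifiers are arbitrary.
"""
import struct

IPV4_MIN_HEADER = 20
ICMP_MIN_LENGTH = 8


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words.
    Returns 0 when run over a header whose checksum field is already correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(src: bytes, dst: bytes, payload: bytes = b"ping") -> bytes:
    """Construct a well-formed IPv4/ICMP echo request (constructed sample input)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    total_length = IPV4_MIN_HEADER + len(icmp)
    # version/IHL, TOS, total length, id, flags/frag (DF), TTL, proto=ICMP, cksum, src, dst
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_length, 1, 0x4000, 64, 1, 0, src, dst)
    header = header[:10] + struct.pack("!H", inet_checksum(header)) + header[12:]
    return header + icmp


def with_total_length(pkt: bytes, value: int) -> bytes:
    """Copy of pkt with the Total Length field set to `value` and the header
    checksum recomputed, so that only the length is inconsistent.  Used purely
    to produce test input for check_ipv4()."""
    ihl = (pkt[0] & 0x0F) * 4
    header = bytearray(pkt[:ihl])
    header[2:4] = struct.pack("!H", value)
    header[10:12] = b"\x00\x00"
    header[10:12] = struct.pack("!H", inet_checksum(bytes(header)))
    return bytes(header) + pkt[ihl:]


def check_ipv4(pkt: bytes) -> list:
    """Return a list of findings; an empty list means the header is consistent."""
    findings = []
    if len(pkt) < IPV4_MIN_HEADER:
        return ["truncated: fewer than 20 bytes, no complete IPv4 header"]
    version = pkt[0] >> 4
    ihl = (pkt[0] & 0x0F) * 4
    total_length = struct.unpack("!H", pkt[2:4])[0]
    protocol = pkt[9]
    if version != 4:
        findings.append("version field is %d, expected 4" % version)
    if ihl < IPV4_MIN_HEADER:
        findings.append("IHL %d bytes is below the 20-byte minimum" % ihl)
        return findings  # later checks would index outside a sane header
    if ihl > len(pkt):
        findings.append("IHL %d bytes exceeds the %d bytes received" % (ihl, len(pkt)))
        return findings
    if inet_checksum(pkt[:ihl]) != 0:
        findings.append("header checksum mismatch")
    # The field at the heart of the advisory: Total Length must cover the
    # header and must not claim more bytes than actually arrived.
    if total_length < ihl:
        findings.append("total length %d is smaller than header length %d"
                        % (total_length, ihl))
    elif total_length > len(pkt):
        findings.append("total length %d exceeds the %d bytes received"
                        % (total_length, len(pkt)))
    elif protocol == 1 and total_length - ihl < ICMP_MIN_LENGTH:
        findings.append("ICMP message is shorter than the 8-byte minimum")
    return findings


if __name__ == "__main__":
    src, dst = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20])  # constructed
    good = build_icmp_echo(src, dst)
    for label, pkt in [("well-formed", good),
                       ("total length too large", with_total_length(good, 0xFFFF)),
                       ("total length below header size", with_total_length(good, 10)),
                       ("truncated", good[:15])]:
        print("%-32s %s" % (label, check_ipv4(pkt) or "OK"))
```

A datagram whose Total Length is larger than the bytes received, or smaller than its own header, is rejected before any payload length is derived from the field; a stack that instead computes the ICMP length as total length minus IHL and uses it unchecked is the pattern the CWE-189 classification on this page points at.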

Crash Information

Major Error - 0008h - Internal software error

Timeline

2020-05-03 - Vendor Disclosure
2020-07-13 - Vendor requested extension; Disclosure extension granted to end of October
2020-10-13 - Public Release

