Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Micrologix_1400_b_firmware
(Rockwellautomation)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 22 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-16 | CVE-2020-6980 | Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext. | Micrologix_1100_firmware, Micrologix_1400_a_firmware, Micrologix_1400_b_firmware, Rslogix_500 | 3.3 | ||
| 2020-03-16 | CVE-2020-6984 | Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable. | Micrologix_1100_firmware, Micrologix_1400_a_firmware, Micrologix_1400_b_firmware, Rslogix_500 | 7.5 | ||
| 2020-03-16 | CVE-2020-6988 | Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass... | Micrologix_1100_firmware, Micrologix_1400_a_firmware, Micrologix_1400_b_firmware, Rslogix_500 | 7.5 | ||
| 2020-03-16 | CVE-2020-6990 | Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller. | Micrologix_1100_firmware, Micrologix_1400_a_firmware, Micrologix_1400_b_firmware, Rslogix_500 | 9.8 | ||
| 2018-04-05 | CVE-2017-12093 | An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability. | Micrologix_1400_b_firmware | 5.3 | ||
| 2018-04-05 | CVE-2017-14462 | An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG (also RUN for some)... | Micrologix_1400_b_firmware | 9.8 | ||
| 2018-04-05 | CVE-2017-14463 | An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012... | Micrologix_1400_b_firmware | 9.8 | ||
| 2018-04-05 | CVE-2017-14464 | An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001... | Micrologix_1400_b_firmware | 9.8 | ||
| 2018-04-05 | CVE-2017-14465 | An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output... | Micrologix_1400_b_firmware | 9.8 | ||
| 2018-04-05 | CVE-2017-14466 | An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype... | Micrologix_1400_b_firmware | 9.8 |