Search criteria
17 vulnerabilities found for MicroLogix 1400 by Rockwell Automation
VAR-201812-0141
Vulnerability from variot - Updated: 2023-12-18 13:56Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address. Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules Is vulnerable to a lack of authentication for critical functions.Service operation interruption (DoS) There is a possibility of being put into a state. Rockwell Automation MicroLogix 1400 Controllers Series A, etc. are programmable logic controllers of Rockwell Automation in the United States. An attacker can exploit this issue to modify system settings to cause a denial-of-service condition. The following products are vulnerable: MicroLogix 1400 Controllers 1756 ControlLogix EtherNet/IP Communications Modules. The following products and versions are affected: MicroLogix 1400 Controllers Series A (all versions), Series B 21.003 and earlier, Series C 21.003 and earlier; 1756-ENBT (all versions), 1756-EWEB Series A (all versions), 1756 -EWEB Series B (all versions), 1756-EN2F Series A (all versions), 1756-EN2F Series B (all versions), 1756-EN2F Series C 10.10 and earlier, 1756-EN2T Series A (all versions), 1756 -EN2T Series B (all versions), 1756-EN2T Series C (all versions), 1756-EN2T 10.10 and earlier, 1756-EN2TR Series A (all versions), 1756-EN2TR Series B (all versions), Series C 10.10 1756-EN3TR Series A (all versions), 1756-EN3TR Series B 10.10 and earlier (1756 ControlLogix EtherNet/IP communication module)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0141",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "1756-en2tr series b",
"scope": "eq",
"trust": 1.6,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2t series b",
"scope": "eq",
"trust": 1.6,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en3tr series a",
"scope": "eq",
"trust": 1.6,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2tr series a",
"scope": "eq",
"trust": 1.6,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2t series c",
"scope": "eq",
"trust": 1.6,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2t series a",
"scope": "eq",
"trust": 1.6,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-eweb series b",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-eweb series a",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "micrologix 1400",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2f series a",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2f series b",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2f series c",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "1756-en3tr series b",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "1756-enbt",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2tr series c",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "1756-en2t series d",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "1756-en2f series",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "1756-en2t series",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "1756-en2tr series",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "1756-en3tr series",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "1756-enbt",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "1756-eweb series",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "micrologix 1400",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation micrologix controllers series a",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400"
},
{
"model": "automation series b",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=21.003"
},
{
"model": "automation series c",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=21.003"
},
{
"model": "automation 1756-en2f series c",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=10.10"
},
{
"model": "automation 1756-en2f series b",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation 1756-en2f series a",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation 1756-eweb series b",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation 1756-eweb series a",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation 1756-enbt",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation 1756-en2tr series a",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation 1756-en2tr series b",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation series c",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=10.10"
},
{
"model": "automation 1756-en3tr series a",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation 1756-en3tr series b",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=10.10"
},
{
"model": "1756-en2f series c",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "1756-en2tr series c",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "1756-en3tr series b",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "1756-en2t series d",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "automation 1756-en3tr series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "10.10"
},
{
"model": "automation 1756-en3tr series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation 1756-en2tr series c",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "10.10"
},
{
"model": "automation 1756-en2tr series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation 1756-en2tr series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation 1756-en2t series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation micrologix controllers series c",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "140021.003"
},
{
"model": "automation micrologix controllers series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "140021.003"
},
{
"model": "automation micrologix controllers series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "14000"
},
{
"model": "automation 1756-eweb series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "0"
},
{
"model": "automation 1756-en2t series d",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "10.10"
},
{
"model": "automation 1756-en2t series c",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "0"
},
{
"model": "automation 1756-en2t series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "0"
},
{
"model": "automation 1756-en2f series c",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "10.10"
},
{
"model": "automation 1756-en2f series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "0"
},
{
"model": "automation 1756-en2f series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "0"
},
{
"model": "automation controllogix ethernet/ip communications modules",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "17560"
},
{
"model": "automation micrologix controllers 1766-lxxx series b frn",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "140021.004"
},
{
"model": "automation controllogix ethernet/ip communications modules frn",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "175611.001"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "BID",
"id": "106132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-enbt_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-enbt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-eweb_series_a_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-eweb_series_a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-eweb_series_b_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-eweb_series_b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2f_series_a_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2f_series_a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2f_series_b_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2f_series_b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2f_series_c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2f_series_c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2t_series_a_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2t_series_a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2t_series_b_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2t_series_b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2t_series_c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2t_series_c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2t_series_d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2t_series_d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2tr_series_a_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2tr_series_a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2tr_series_b_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2tr_series_b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2tr_series_c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2tr_series_c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en3tr_series_a_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en3tr_series_a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en3tr_series_b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en3tr_series_b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17924"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Noren",
"sources": [
{
"db": "BID",
"id": "106132"
}
],
"trust": 0.3
},
"cve": "CVE-2018-17924",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17924",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-38702",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-128432",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17924",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17924",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-38702",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-279",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-128432",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "VULHUB",
"id": "VHN-128432"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address. Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules Is vulnerable to a lack of authentication for critical functions.Service operation interruption (DoS) There is a possibility of being put into a state. Rockwell Automation MicroLogix 1400 Controllers Series A, etc. are programmable logic controllers of Rockwell Automation in the United States. \nAn attacker can exploit this issue to modify system settings to cause a denial-of-service condition. \nThe following products are vulnerable:\nMicroLogix 1400 Controllers\n1756 ControlLogix EtherNet/IP Communications Modules. The following products and versions are affected: MicroLogix 1400 Controllers Series A (all versions), Series B 21.003 and earlier, Series C 21.003 and earlier; 1756-ENBT (all versions), 1756-EWEB Series A (all versions), 1756 -EWEB Series B (all versions), 1756-EN2F Series A (all versions), 1756-EN2F Series B (all versions), 1756-EN2F Series C 10.10 and earlier, 1756-EN2T Series A (all versions), 1756 -EN2T Series B (all versions), 1756-EN2T Series C (all versions), 1756-EN2T 10.10 and earlier, 1756-EN2TR Series A (all versions), 1756-EN2TR Series B (all versions), Series C 10.10 1756-EN3TR Series A (all versions), 1756-EN3TR Series B 10.10 and earlier (1756 ControlLogix EtherNet/IP communication module)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "BID",
"id": "106132"
},
{
"db": "VULHUB",
"id": "VHN-128432"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17924",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-18-310-02",
"trust": 2.8
},
{
"db": "BID",
"id": "106132",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-38702",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201812-279",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-98844",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-128432",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "VULHUB",
"id": "VHN-128432"
},
{
"db": "BID",
"id": "106132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"id": "VAR-201812-0141",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "VULHUB",
"id": "VHN-128432"
}
],
"trust": 1.4113095285714286
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
}
]
},
"last_update_date": "2023-12-18T13:56:50.180000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.rockwellautomation.com/global/overview.page"
},
{
"title": "Patch for Multiple Rockwell Automation products denial of service vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/225433"
},
{
"title": "Multiple Rockwell Automation Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87546"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128432"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "NVD",
"id": "CVE-2018-17924"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-310-02"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/106132"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17924"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17924"
},
{
"trust": 0.3,
"url": "http://www.rockwellautomation.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "VULHUB",
"id": "VHN-128432"
},
{
"db": "BID",
"id": "106132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "VULHUB",
"id": "VHN-128432"
},
{
"db": "BID",
"id": "106132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"date": "2018-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-128432"
},
{
"date": "2018-12-06T00:00:00",
"db": "BID",
"id": "106132"
},
{
"date": "2019-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"date": "2018-12-07T14:29:00.663000",
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"date": "2018-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-128432"
},
{
"date": "2018-12-06T00:00:00",
"db": "BID",
"id": "106132"
},
{
"date": "2019-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"date": "2022-05-02T19:26:00.733000",
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules Vulnerabilities related to lack of authentication for critical functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
],
"trust": 0.6
}
}
VAR-201510-0198
Vulnerability from variot - Updated: 2023-12-18 12:51Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A denial-of-service vulnerability 3. A cross-site scripting vulnerability 4. An SQL-injection vulnerability An attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0198",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "15.002"
},
{
"model": "micrologix 1100",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "14.000"
},
{
"model": "micrologix 1100",
"scope": "lt",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 15.000"
},
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 15.003"
},
{
"model": "automation micrologix",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1100"
},
{
"model": "automation micrologix",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400"
},
{
"model": "micrologix 1100",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "14.000"
},
{
"model": "micrologix 1400",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "15.002"
},
{
"model": "automation micrologix 1766-lk32bwa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxba series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxba series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxb series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxb series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwaa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwaa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awaa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awaa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1763-l16dwd series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16dwd series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bwa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bwa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bbb series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bbb series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16awa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16awa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix frn series b",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.003"
},
{
"model": "automation micrologix frn series b",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "110015.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1100",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7c72e416-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07304"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005655"
},
{
"db": "NVD",
"id": "CVE-2015-6490"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-674"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.000",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.002",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6490"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov of Positive Technologies, David Atch of CyberX, and Aditya Sood",
"sources": [
{
"db": "BID",
"id": "77333"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6490",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-6490",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07304",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7c72e416-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-84451",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6490",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-07304",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-674",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7c72e416-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-84451",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7c72e416-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07304"
},
{
"db": "VULHUB",
"id": "VHN-84451"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005655"
},
{
"db": "NVD",
"id": "CVE-2015-6490"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-674"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A denial-of-service vulnerability\n3. A cross-site scripting vulnerability\n4. An SQL-injection vulnerability\nAn attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6490"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005655"
},
{
"db": "CNVD",
"id": "CNVD-2015-07304"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "IVD",
"id": "7c72e416-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84451"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6490",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-300-03",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201510-674",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-07304",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005655",
"trust": 0.8
},
{
"db": "BID",
"id": "77333",
"trust": 0.3
},
{
"db": "IVD",
"id": "7C72E416-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84451",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7c72e416-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07304"
},
{
"db": "VULHUB",
"id": "VHN-84451"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005655"
},
{
"db": "NVD",
"id": "CVE-2015-6490"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-674"
}
]
},
"id": "VAR-201510-0198",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7c72e416-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07304"
},
{
"db": "VULHUB",
"id": "VHN-84451"
}
],
"trust": 1.7076923000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7c72e416-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07304"
}
]
},
"last_update_date": "2023-12-18T12:51:50.850000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-systems"
},
{
"title": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Fixes for stack-based buffer overflow vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58478"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005655"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-674"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84451"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005655"
},
{
"db": "NVD",
"id": "CVE-2015-6490"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-300-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6490"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6490"
},
{
"trust": 0.3,
"url": "http://www.rockwellautomation.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07304"
},
{
"db": "VULHUB",
"id": "VHN-84451"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005655"
},
{
"db": "NVD",
"id": "CVE-2015-6490"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-674"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7c72e416-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07304"
},
{
"db": "VULHUB",
"id": "VHN-84451"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005655"
},
{
"db": "NVD",
"id": "CVE-2015-6490"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-674"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "IVD",
"id": "7c72e416-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07304"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-84451"
},
{
"date": "2015-10-27T00:00:00",
"db": "BID",
"id": "77333"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005655"
},
{
"date": "2015-10-28T10:59:12.937000",
"db": "NVD",
"id": "CVE-2015-6490"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-674"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07304"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-84451"
},
{
"date": "2015-10-27T00:00:00",
"db": "BID",
"id": "77333"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005655"
},
{
"date": "2015-10-28T21:03:11.433000",
"db": "NVD",
"id": "CVE-2015-6490"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-674"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-674"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen-Bradley MicroLogix Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7c72e416-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07304"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7c72e416-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-674"
}
],
"trust": 0.8
}
}
VAR-201510-0196
Vulnerability from variot - Updated: 2023-12-18 12:51SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A denial-of-service vulnerability 3. A cross-site scripting vulnerability 4. An SQL-injection vulnerability An attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0196",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "15.002"
},
{
"model": "micrologix 1100",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "14.000"
},
{
"model": "micrologix 1100",
"scope": "lt",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 15.000"
},
{
"model": "micrologix 1400",
"scope": "lt",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 15.003"
},
{
"model": "automation micrologix",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1100"
},
{
"model": "automation micrologix",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400"
},
{
"model": "micrologix 1100",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "14.000"
},
{
"model": "micrologix 1400",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "15.002"
},
{
"model": "automation micrologix 1766-lk32bwa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxba series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxba series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxb series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxb series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwaa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwaa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awaa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awaa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1763-l16dwd series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16dwd series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bwa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bwa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bbb series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bbb series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16awa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16awa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix frn series b",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.003"
},
{
"model": "automation micrologix frn series b",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "110015.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1100",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07307"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005653"
},
{
"db": "NVD",
"id": "CVE-2015-6486"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-672"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.002",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.000",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6486"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov of Positive Technologies, David Atch of CyberX, and Aditya Sood",
"sources": [
{
"db": "BID",
"id": "77333"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6486",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-6486",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-07307",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "7c67e9bc-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-84447",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6486",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-07307",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-672",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7c67e9bc-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84447",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07307"
},
{
"db": "VULHUB",
"id": "VHN-84447"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005653"
},
{
"db": "NVD",
"id": "CVE-2015-6486"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-672"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A denial-of-service vulnerability\n3. A cross-site scripting vulnerability\n4. An SQL-injection vulnerability\nAn attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6486"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005653"
},
{
"db": "CNVD",
"id": "CNVD-2015-07307"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "IVD",
"id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84447"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6486",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-300-03",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201510-672",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-07307",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005653",
"trust": 0.8
},
{
"db": "BID",
"id": "70568",
"trust": 0.6
},
{
"db": "BID",
"id": "77333",
"trust": 0.3
},
{
"db": "IVD",
"id": "7C67E9BC-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84447",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07307"
},
{
"db": "VULHUB",
"id": "VHN-84447"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005653"
},
{
"db": "NVD",
"id": "CVE-2015-6486"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-672"
}
]
},
"id": "VAR-201510-0196",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07307"
},
{
"db": "VULHUB",
"id": "VHN-84447"
}
],
"trust": 1.7076923000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07307"
}
]
},
"last_update_date": "2023-12-18T12:51:50.923000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-systems"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005653"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84447"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005653"
},
{
"db": "NVD",
"id": "CVE-2015-6486"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-300-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6486"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6486"
},
{
"trust": 0.3,
"url": "http://www.rockwellautomation.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07307"
},
{
"db": "VULHUB",
"id": "VHN-84447"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005653"
},
{
"db": "NVD",
"id": "CVE-2015-6486"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-672"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07307"
},
{
"db": "VULHUB",
"id": "VHN-84447"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005653"
},
{
"db": "NVD",
"id": "CVE-2015-6486"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-672"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "IVD",
"id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07307"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-84447"
},
{
"date": "2015-10-27T00:00:00",
"db": "BID",
"id": "77333"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005653"
},
{
"date": "2015-10-28T10:59:11.027000",
"db": "NVD",
"id": "CVE-2015-6486"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-672"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07307"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-84447"
},
{
"date": "2015-10-27T00:00:00",
"db": "BID",
"id": "77333"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005653"
},
{
"date": "2015-10-28T21:02:31.597000",
"db": "NVD",
"id": "CVE-2015-6486"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-672"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-672"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen-Bradley MicroLogix 1100 and 1400 In the device SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005653"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-672"
}
],
"trust": 0.8
}
}
VAR-201510-0197
Vulnerability from variot - Updated: 2023-12-18 12:51Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. There is a cross-site scripting vulnerability in the Allen-Bradley MicroLogix 1100 version prior to B FRN 15.000 and the 1400 version prior to B FRN 15.003. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A denial-of-service vulnerability 3. A cross-site scripting vulnerability 4. An SQL-injection vulnerability An attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0197",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "15.002"
},
{
"model": "micrologix 1100",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "14.000"
},
{
"model": "micrologix 1100",
"scope": "lt",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 15.000"
},
{
"model": "micrologix 1400",
"scope": "lt",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 15.003"
},
{
"model": "automation micrologix",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1100"
},
{
"model": "automation micrologix",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400"
},
{
"model": "micrologix 1100",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "14.000"
},
{
"model": "micrologix 1400",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "15.002"
},
{
"model": "automation micrologix 1766-lk32bwa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxba series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxba series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxb series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxb series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwaa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwaa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awaa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awaa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1763-l16dwd series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16dwd series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bwa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bwa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bbb series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bbb series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16awa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16awa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix frn series b",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.003"
},
{
"model": "automation micrologix frn series b",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "110015.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1100",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07303"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005654"
},
{
"db": "NVD",
"id": "CVE-2015-6488"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-673"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.000",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.002",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6488"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov of Positive Technologies, David Atch of CyberX, and Aditya Sood",
"sources": [
{
"db": "BID",
"id": "77333"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6488",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-6488",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-07303",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "7c64c1b0-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-84449",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6488",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-07303",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-673",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7c64c1b0-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84449",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07303"
},
{
"db": "VULHUB",
"id": "VHN-84449"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005654"
},
{
"db": "NVD",
"id": "CVE-2015-6488"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-673"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. There is a cross-site scripting vulnerability in the Allen-Bradley MicroLogix 1100 version prior to B FRN 15.000 and the 1400 version prior to B FRN 15.003. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A denial-of-service vulnerability\n3. A cross-site scripting vulnerability\n4. An SQL-injection vulnerability\nAn attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6488"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005654"
},
{
"db": "CNVD",
"id": "CNVD-2015-07303"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "IVD",
"id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84449"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6488",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-300-03",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201510-673",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-07303",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005654",
"trust": 0.8
},
{
"db": "BID",
"id": "77333",
"trust": 0.3
},
{
"db": "IVD",
"id": "7C64C1B0-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84449",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07303"
},
{
"db": "VULHUB",
"id": "VHN-84449"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005654"
},
{
"db": "NVD",
"id": "CVE-2015-6488"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-673"
}
]
},
"id": "VAR-201510-0197",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07303"
},
{
"db": "VULHUB",
"id": "VHN-84449"
}
],
"trust": 1.7076923000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07303"
}
]
},
"last_update_date": "2023-12-18T12:51:50.785000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-systems"
},
{
"title": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58477"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005654"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-673"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84449"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005654"
},
{
"db": "NVD",
"id": "CVE-2015-6488"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-300-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6488"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6488"
},
{
"trust": 0.3,
"url": "http://www.rockwellautomation.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07303"
},
{
"db": "VULHUB",
"id": "VHN-84449"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005654"
},
{
"db": "NVD",
"id": "CVE-2015-6488"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-673"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07303"
},
{
"db": "VULHUB",
"id": "VHN-84449"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005654"
},
{
"db": "NVD",
"id": "CVE-2015-6488"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-673"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "IVD",
"id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07303"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-84449"
},
{
"date": "2015-10-27T00:00:00",
"db": "BID",
"id": "77333"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005654"
},
{
"date": "2015-10-28T10:59:11.967000",
"db": "NVD",
"id": "CVE-2015-6488"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-673"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07303"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-84449"
},
{
"date": "2015-10-27T00:00:00",
"db": "BID",
"id": "77333"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005654"
},
{
"date": "2015-10-28T21:02:50.140000",
"db": "NVD",
"id": "CVE-2015-6488"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-673"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-673"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen-Bradley MicroLogix Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07303"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-673"
}
],
"trust": 0.6
}
}
VAR-201510-0200
Vulnerability from variot - Updated: 2023-12-18 12:51Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. The Allen-Bradley MicroLogix 1100 has a denial of service vulnerability in versions prior to B FRN 15.000 and versions prior to 1400 in B FRN 15.003. Allows remote attackers to initiate denial of service attacks through elaborate HTTP requests. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A denial-of-service vulnerability 3. A cross-site scripting vulnerability 4. An SQL-injection vulnerability An attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0200",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "15.002"
},
{
"model": "micrologix 1100",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "14.000"
},
{
"model": "micrologix 1100",
"scope": "lt",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 15.000"
},
{
"model": "micrologix 1400",
"scope": "lt",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 15.003"
},
{
"model": "automation micrologix",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1100"
},
{
"model": "automation micrologix",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400"
},
{
"model": "micrologix 1100",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "14.000"
},
{
"model": "micrologix 1400",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "15.002"
},
{
"model": "automation micrologix 1766-lk32bwa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxba series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxba series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxb series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxb series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwaa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwaa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awaa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awaa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1763-l16dwd series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16dwd series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bwa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bwa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bbb series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bbb series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16awa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16awa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix frn series b",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.003"
},
{
"model": "automation micrologix frn series b",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "110015.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1100",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"db": "NVD",
"id": "CVE-2015-6492"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-676"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.002",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.000",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6492"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov of Positive Technologies, David Atch of CyberX, and Aditya Sood",
"sources": [
{
"db": "BID",
"id": "77333"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6492",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-6492",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07306",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-84453",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6492",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-07306",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-676",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84453",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"db": "VULHUB",
"id": "VHN-84453"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"db": "NVD",
"id": "CVE-2015-6492"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-676"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. The Allen-Bradley MicroLogix 1100 has a denial of service vulnerability in versions prior to B FRN 15.000 and versions prior to 1400 in B FRN 15.003. Allows remote attackers to initiate denial of service attacks through elaborate HTTP requests. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A denial-of-service vulnerability\n3. A cross-site scripting vulnerability\n4. An SQL-injection vulnerability\nAn attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6492"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84453"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6492",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-300-03",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201510-676",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-07306",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657",
"trust": 0.8
},
{
"db": "BID",
"id": "77333",
"trust": 0.3
},
{
"db": "IVD",
"id": "7C6F9932-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84453",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"db": "VULHUB",
"id": "VHN-84453"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"db": "NVD",
"id": "CVE-2015-6492"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-676"
}
]
},
"id": "VAR-201510-0200",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"db": "VULHUB",
"id": "VHN-84453"
}
],
"trust": 1.7076923000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
}
]
},
"last_update_date": "2023-12-18T12:51:50.961000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-systems"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84453"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"db": "NVD",
"id": "CVE-2015-6492"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-300-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6492"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6492"
},
{
"trust": 0.3,
"url": "http://www.rockwellautomation.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"db": "VULHUB",
"id": "VHN-84453"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"db": "NVD",
"id": "CVE-2015-6492"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-676"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"db": "VULHUB",
"id": "VHN-84453"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"db": "NVD",
"id": "CVE-2015-6492"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-676"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-84453"
},
{
"date": "2015-10-27T00:00:00",
"db": "BID",
"id": "77333"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"date": "2015-10-28T10:59:14.920000",
"db": "NVD",
"id": "CVE-2015-6492"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-676"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-84453"
},
{
"date": "2015-10-27T00:00:00",
"db": "BID",
"id": "77333"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"date": "2015-10-28T21:03:36.713000",
"db": "NVD",
"id": "CVE-2015-6492"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-676"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-676"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen-Bradley MicroLogix Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-676"
}
],
"trust": 0.8
}
}
VAR-201510-0199
Vulnerability from variot - Updated: 2023-12-18 12:51Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors. Allen-Bradley MicroLogix 1100 and 1400 The device includes FRAME A vulnerability exists in which the contents of an arbitrary file are inserted into an element. Supplementary information : CWE Vulnerability type by CWE-434: Unrestricted Upload of File with Dangerous Type ( Unlimited upload of dangerous types of files ) Has been identified. http://cwe.mitre.org/data/definitions/434.htmlBy a remotely authenticated user FRAME Any file content may be inserted into the element. The Allen-Bradley MicroLogix 1100 has a file insertion vulnerability in versions prior to B FRN 15.000 and versions prior to 1400 in B FRN 15.003. Rockwell Automation 1766-L32 Series is a 1766-L32 series programmable logic controller (PLC) from Rockwell Automation. A remote file inclusion vulnerability exists in the Rockwell Automation 1766-L32 Series product, which is caused by the program's insufficient filtering of user-submitted input. An attacker could use this vulnerability to obtain sensitive information or execute arbitrary script code in the context of a Web process to control the application. This may allow the attacker to compromise the application; other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "15.002"
},
{
"model": "micrologix 1100",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "14.000"
},
{
"model": "micrologix 1100",
"scope": "lt",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 15.000"
},
{
"model": "micrologix 1400",
"scope": "lt",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 15.003"
},
{
"model": "automation micrologix",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1100"
},
{
"model": "automation micrologix",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400"
},
{
"model": "micrologix 1100",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "14.000"
},
{
"model": "micrologix 1400",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "15.002"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1100",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7c716140-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07305"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005656"
},
{
"db": "NVD",
"id": "CVE-2015-6491"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-675"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.002",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.000",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6491"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICS-CERT",
"sources": [
{
"db": "BID",
"id": "76357"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-365"
}
],
"trust": 0.9
},
"cve": "CVE-2015-6491",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-6491",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-07305",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "7c716140-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-84452",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6491",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-07305",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-675",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7c716140-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84452",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7c716140-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07305"
},
{
"db": "VULHUB",
"id": "VHN-84452"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005656"
},
{
"db": "NVD",
"id": "CVE-2015-6491"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-675"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors. Allen-Bradley MicroLogix 1100 and 1400 The device includes FRAME A vulnerability exists in which the contents of an arbitrary file are inserted into an element. Supplementary information : CWE Vulnerability type by CWE-434: Unrestricted Upload of File with Dangerous Type ( Unlimited upload of dangerous types of files ) Has been identified. http://cwe.mitre.org/data/definitions/434.htmlBy a remotely authenticated user FRAME Any file content may be inserted into the element. The Allen-Bradley MicroLogix 1100 has a file insertion vulnerability in versions prior to B FRN 15.000 and versions prior to 1400 in B FRN 15.003. Rockwell Automation 1766-L32 Series is a 1766-L32 series programmable logic controller (PLC) from Rockwell Automation. \nA remote file inclusion vulnerability exists in the Rockwell Automation 1766-L32 Series product, which is caused by the program\u0027s insufficient filtering of user-submitted input. An attacker could use this vulnerability to obtain sensitive information or execute arbitrary script code in the context of a Web process to control the application. This may allow the attacker to compromise the application; other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6491"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005656"
},
{
"db": "CNVD",
"id": "CNVD-2015-07305"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-365"
},
{
"db": "BID",
"id": "76357"
},
{
"db": "IVD",
"id": "7c716140-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84452"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6491",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-300-03",
"trust": 3.1
},
{
"db": "BID",
"id": "76357",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201510-675",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-07305",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005656",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-365",
"trust": 0.6
},
{
"db": "IVD",
"id": "7C716140-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84452",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7c716140-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07305"
},
{
"db": "VULHUB",
"id": "VHN-84452"
},
{
"db": "BID",
"id": "76357"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005656"
},
{
"db": "NVD",
"id": "CVE-2015-6491"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-365"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-675"
}
]
},
"id": "VAR-201510-0199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7c716140-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07305"
},
{
"db": "VULHUB",
"id": "VHN-84452"
}
],
"trust": 1.7076923000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7c716140-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07305"
}
]
},
"last_update_date": "2023-12-18T12:51:50.998000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-systems"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005656"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005656"
},
{
"db": "NVD",
"id": "CVE-2015-6491"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-300-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6491"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6491"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/76357"
},
{
"trust": 0.3,
"url": "http://www.rockwellautomation.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07305"
},
{
"db": "VULHUB",
"id": "VHN-84452"
},
{
"db": "BID",
"id": "76357"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005656"
},
{
"db": "NVD",
"id": "CVE-2015-6491"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-365"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-675"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7c716140-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07305"
},
{
"db": "VULHUB",
"id": "VHN-84452"
},
{
"db": "BID",
"id": "76357"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005656"
},
{
"db": "NVD",
"id": "CVE-2015-6491"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-365"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-675"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "IVD",
"id": "7c716140-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07305"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-84452"
},
{
"date": "2015-08-13T00:00:00",
"db": "BID",
"id": "76357"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005656"
},
{
"date": "2015-10-28T10:59:13.887000",
"db": "NVD",
"id": "CVE-2015-6491"
},
{
"date": "2015-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-365"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-675"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07305"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-84452"
},
{
"date": "2015-12-08T22:02:00",
"db": "BID",
"id": "76357"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005656"
},
{
"date": "2015-10-28T21:03:25.697000",
"db": "NVD",
"id": "CVE-2015-6491"
},
{
"date": "2015-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-365"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-675"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-365"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-675"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen-Bradley MicroLogix Arbitrary file insertion vulnerability",
"sources": [
{
"db": "IVD",
"id": "7c716140-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07305"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "7c716140-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-675"
}
],
"trust": 0.8
}
}
VAR-201804-0376
Vulnerability from variot - Updated: 2023-12-18 12:02An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output can be forced, causing unpredictable activity from the PLC. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0376",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400 b",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 21.2"
},
{
"model": "automation allen bradley micrologix series b frn",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400\u003c=21.2"
},
{
"model": "micrologix 1400 b",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400 b",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec5244-39ab-11e9-80bb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08278"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013207"
},
{
"db": "NVD",
"id": "CVE-2017-14465"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-556"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14465"
}
]
},
"cve": "CVE-2017-14465",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14465",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-08278",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2ec5244-39ab-11e9-80bb-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-105190",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14465",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14465",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14465",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-08278",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-556",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2ec5244-39ab-11e9-80bb-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-105190",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec5244-39ab-11e9-80bb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08278"
},
{
"db": "VULHUB",
"id": "VHN-105190"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013207"
},
{
"db": "NVD",
"id": "CVE-2017-14465"
},
{
"db": "NVD",
"id": "CVE-2017-14465"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-556"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output can be forced, causing unpredictable activity from the PLC. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14465"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013207"
},
{
"db": "CNVD",
"id": "CNVD-2018-08278"
},
{
"db": "IVD",
"id": "e2ec5244-39ab-11e9-80bb-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-105190"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14465",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2017-0443",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201709-556",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-08278",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013207",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2EC5244-39AB-11E9-80BB-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-105190",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec5244-39ab-11e9-80bb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08278"
},
{
"db": "VULHUB",
"id": "VHN-105190"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013207"
},
{
"db": "NVD",
"id": "CVE-2017-14465"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-556"
}
]
},
"id": "VAR-201804-0376",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2ec5244-39ab-11e9-80bb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08278"
},
{
"db": "VULHUB",
"id": "VHN-105190"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec5244-39ab-11e9-80bb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08278"
}
]
},
"last_update_date": "2023-12-18T12:02:25.514000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix 1400 \u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30fb\u30ed\u30b8\u30c3\u30af\u30fb\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fb\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "https://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-1400"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013207"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105190"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013207"
},
{
"db": "NVD",
"id": "CVE-2017-14465"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0443"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14465"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14465"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0443"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08278"
},
{
"db": "VULHUB",
"id": "VHN-105190"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013207"
},
{
"db": "NVD",
"id": "CVE-2017-14465"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-556"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2ec5244-39ab-11e9-80bb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08278"
},
{
"db": "VULHUB",
"id": "VHN-105190"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013207"
},
{
"db": "NVD",
"id": "CVE-2017-14465"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-556"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "IVD",
"id": "e2ec5244-39ab-11e9-80bb-000c29342cb1"
},
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08278"
},
{
"date": "2018-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-105190"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013207"
},
{
"date": "2018-04-05T21:29:00.693000",
"db": "NVD",
"id": "CVE-2017-14465"
},
{
"date": "2017-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-556"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08278"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105190"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013207"
},
{
"date": "2022-12-14T16:33:49.283000",
"db": "NVD",
"id": "CVE-2017-14465"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-556"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-556"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen Bradley Micrologix 1400 Series Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013207"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "e2ec5244-39ab-11e9-80bb-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-556"
}
],
"trust": 0.8
}
}
VAR-201804-0378
Vulnerability from variot - Updated: 2023-12-18 12:02An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Live rung edits are able to be made by an unauthenticated user allowing for addition, deletion, or modification of existing ladder logic. Additionally, faults and cpu state modification can be triggered if specific ladder logic is used. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation. An attacker could exploit a vulnerability to add, remove, or modify existing ladder logic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0378",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400 b",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 21.2"
},
{
"model": "automation allen bradley micrologix series b frn",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400\u003c=21.2"
},
{
"model": "micrologix 1400 b",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400 b",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca05f-39ab-11e9-96fd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08285"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013209"
},
{
"db": "NVD",
"id": "CVE-2017-14467"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-554"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14467"
}
]
},
"cve": "CVE-2017-14467",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14467",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-08285",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2eca05f-39ab-11e9-96fd-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-105192",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14467",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14467",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14467",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-08285",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-554",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2eca05f-39ab-11e9-96fd-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-105192",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca05f-39ab-11e9-96fd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08285"
},
{
"db": "VULHUB",
"id": "VHN-105192"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013209"
},
{
"db": "NVD",
"id": "CVE-2017-14467"
},
{
"db": "NVD",
"id": "CVE-2017-14467"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-554"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Live rung edits are able to be made by an unauthenticated user allowing for addition, deletion, or modification of existing ladder logic. Additionally, faults and cpu state modification can be triggered if specific ladder logic is used. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation. An attacker could exploit a vulnerability to add, remove, or modify existing ladder logic",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14467"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013209"
},
{
"db": "CNVD",
"id": "CNVD-2018-08285"
},
{
"db": "IVD",
"id": "e2eca05f-39ab-11e9-96fd-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-105192"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14467",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2017-0443",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201709-554",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-08285",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013209",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2ECA05F-39AB-11E9-96FD-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-105192",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca05f-39ab-11e9-96fd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08285"
},
{
"db": "VULHUB",
"id": "VHN-105192"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013209"
},
{
"db": "NVD",
"id": "CVE-2017-14467"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-554"
}
]
},
"id": "VAR-201804-0378",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2eca05f-39ab-11e9-96fd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08285"
},
{
"db": "VULHUB",
"id": "VHN-105192"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca05f-39ab-11e9-96fd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08285"
}
]
},
"last_update_date": "2023-12-18T12:02:25.609000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix 1400 \u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30fb\u30ed\u30b8\u30c3\u30af\u30fb\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fb\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "https://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-1400"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013209"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105192"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013209"
},
{
"db": "NVD",
"id": "CVE-2017-14467"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0443"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14467"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14467"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0443"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08285"
},
{
"db": "VULHUB",
"id": "VHN-105192"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013209"
},
{
"db": "NVD",
"id": "CVE-2017-14467"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-554"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2eca05f-39ab-11e9-96fd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08285"
},
{
"db": "VULHUB",
"id": "VHN-105192"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013209"
},
{
"db": "NVD",
"id": "CVE-2017-14467"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-554"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "IVD",
"id": "e2eca05f-39ab-11e9-96fd-000c29342cb1"
},
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08285"
},
{
"date": "2018-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-105192"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013209"
},
{
"date": "2018-04-05T21:29:00.867000",
"db": "NVD",
"id": "CVE-2017-14467"
},
{
"date": "2017-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-554"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08285"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105192"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013209"
},
{
"date": "2022-12-14T16:36:47.780000",
"db": "NVD",
"id": "CVE-2017-14467"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-554"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-554"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen Bradley Micrologix 1400 Series Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013209"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "e2eca05f-39ab-11e9-96fd-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-554"
}
],
"trust": 0.8
}
}
VAR-201804-0375
Vulnerability from variot - Updated: 2023-12-18 12:02An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0375",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400 b",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 21.2"
},
{
"model": "automation allen bradley micrologix series b frn",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400\u003c=21.2"
},
{
"model": "micrologix 1400 b",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400 b",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca05e-39ab-11e9-ba21-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08279"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013214"
},
{
"db": "NVD",
"id": "CVE-2017-14464"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-557"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14464"
}
]
},
"cve": "CVE-2017-14464",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14464",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-08279",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2eca05e-39ab-11e9-ba21-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-105189",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14464",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14464",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14464",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-08279",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-557",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2eca05e-39ab-11e9-ba21-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-105189",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca05e-39ab-11e9-ba21-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08279"
},
{
"db": "VULHUB",
"id": "VHN-105189"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013214"
},
{
"db": "NVD",
"id": "CVE-2017-14464"
},
{
"db": "NVD",
"id": "CVE-2017-14464"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-557"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14464"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013214"
},
{
"db": "CNVD",
"id": "CNVD-2018-08279"
},
{
"db": "IVD",
"id": "e2eca05e-39ab-11e9-ba21-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-105189"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14464",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2017-0443",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201709-557",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-08279",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013214",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2ECA05E-39AB-11E9-BA21-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-105189",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca05e-39ab-11e9-ba21-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08279"
},
{
"db": "VULHUB",
"id": "VHN-105189"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013214"
},
{
"db": "NVD",
"id": "CVE-2017-14464"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-557"
}
]
},
"id": "VAR-201804-0375",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2eca05e-39ab-11e9-ba21-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08279"
},
{
"db": "VULHUB",
"id": "VHN-105189"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca05e-39ab-11e9-ba21-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08279"
}
]
},
"last_update_date": "2023-12-18T12:02:25.578000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix 1400\u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30fb\u30ed\u30b8\u30c3\u30af\u30fb\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fb\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "https://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-1400"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013214"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105189"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013214"
},
{
"db": "NVD",
"id": "CVE-2017-14464"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0443"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14464"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14464"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0443"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08279"
},
{
"db": "VULHUB",
"id": "VHN-105189"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013214"
},
{
"db": "NVD",
"id": "CVE-2017-14464"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-557"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2eca05e-39ab-11e9-ba21-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08279"
},
{
"db": "VULHUB",
"id": "VHN-105189"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013214"
},
{
"db": "NVD",
"id": "CVE-2017-14464"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-557"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "IVD",
"id": "e2eca05e-39ab-11e9-ba21-000c29342cb1"
},
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08279"
},
{
"date": "2018-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-105189"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013214"
},
{
"date": "2018-04-05T21:29:00.633000",
"db": "NVD",
"id": "CVE-2017-14464"
},
{
"date": "2017-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-557"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08279"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105189"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013214"
},
{
"date": "2022-12-14T16:27:45.403000",
"db": "NVD",
"id": "CVE-2017-14464"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-557"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-557"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen Bradley Micrologix 1400 Series Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013214"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "e2eca05e-39ab-11e9-ba21-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-557"
}
],
"trust": 0.8
}
}
VAR-201804-0358
Vulnerability from variot - Updated: 2023-12-18 12:02An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability. Allen Bradley Micrologix 1400 Series Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The AllenBradleyMicrologix1400SeriesB is a programmable logic controller from Rockwell Automation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0358",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400 b",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b 21.2"
},
{
"model": "automation allen bradley micrologix series b",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400\u003c=21.2"
},
{
"model": "micrologix 1400 b",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400 b",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2eaf2b1-39ab-11e9-ba42-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07285"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013206"
},
{
"db": "NVD",
"id": "CVE-2017-12093"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-251"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12093"
}
]
},
"cve": "CVE-2017-12093",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-12093",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-07285",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2eaf2b1-39ab-11e9-ba42-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-102581",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-12093",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12093",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-12093",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-12093",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-07285",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-251",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2eaf2b1-39ab-11e9-ba42-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-102581",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2eaf2b1-39ab-11e9-ba42-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07285"
},
{
"db": "VULHUB",
"id": "VHN-102581"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013206"
},
{
"db": "NVD",
"id": "CVE-2017-12093"
},
{
"db": "NVD",
"id": "CVE-2017-12093"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-251"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability. Allen Bradley Micrologix 1400 Series Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The AllenBradleyMicrologix1400SeriesB is a programmable logic controller from Rockwell Automation",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12093"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013206"
},
{
"db": "CNVD",
"id": "CNVD-2018-07285"
},
{
"db": "IVD",
"id": "e2eaf2b1-39ab-11e9-ba42-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-102581"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12093",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2017-0445",
"trust": 3.1
},
{
"db": "CNVD",
"id": "CNVD-2018-07285",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-251",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-18-095-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013206",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2EAF2B1-39AB-11E9-BA42-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-102581",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2eaf2b1-39ab-11e9-ba42-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07285"
},
{
"db": "VULHUB",
"id": "VHN-102581"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013206"
},
{
"db": "NVD",
"id": "CVE-2017-12093"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-251"
}
]
},
"id": "VAR-201804-0358",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2eaf2b1-39ab-11e9-ba42-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07285"
},
{
"db": "VULHUB",
"id": "VHN-102581"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2eaf2b1-39ab-11e9-ba42-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07285"
}
]
},
"last_update_date": "2023-12-18T12:02:25.706000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix 1400 \u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30fb\u30ed\u30b8\u30c3\u30af\u30fb\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fb\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "https://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-1400"
},
{
"title": "RockwellAutomationAllenBradleyMicrologix1400SeriesB Resource Pool Insufficient Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/125125"
},
{
"title": "Rockwell Automation Allen Bradley Micrologix 1400 Series B Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=83093"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07285"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013206"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-251"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102581"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013206"
},
{
"db": "NVD",
"id": "CVE-2017-12093"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0445"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12093"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12093"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-095-01"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0445"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07285"
},
{
"db": "VULHUB",
"id": "VHN-102581"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013206"
},
{
"db": "NVD",
"id": "CVE-2017-12093"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-251"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2eaf2b1-39ab-11e9-ba42-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07285"
},
{
"db": "VULHUB",
"id": "VHN-102581"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013206"
},
{
"db": "NVD",
"id": "CVE-2017-12093"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-251"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-10T00:00:00",
"db": "IVD",
"id": "e2eaf2b1-39ab-11e9-ba42-000c29342cb1"
},
{
"date": "2018-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07285"
},
{
"date": "2018-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-102581"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013206"
},
{
"date": "2018-04-05T21:29:00.460000",
"db": "NVD",
"id": "CVE-2017-12093"
},
{
"date": "2018-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-251"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07285"
},
{
"date": "2023-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-102581"
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013206"
},
{
"date": "2023-01-28T01:41:55.597000",
"db": "NVD",
"id": "CVE-2017-12093"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-251"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-251"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen Bradley Micrologix 1400 Series Resource management vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013206"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "e2eaf2b1-39ab-11e9-ba42-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-251"
}
],
"trust": 0.8
}
}
VAR-201804-0373
Vulnerability from variot - Updated: 2023-12-18 12:02An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG (also RUN for some) Description: Allows an attacker to enable SNMP, Modbus, DNP, and any other features in the channel configuration. Also allows attackers to change network parameters, such as IP address, name server, and domain name. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0373",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400 b",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 21.2"
},
{
"model": "automation allen bradley micrologix series b frn",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400\u003c=21.2"
},
{
"model": "micrologix 1400 b",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400 b",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14462"
}
]
},
"cve": "CVE-2017-14462",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14462",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-08275",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-105187",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14462",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14462",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14462",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-08275",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-559",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-105187",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "VULHUB",
"id": "VHN-105187"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG (also RUN for some) Description: Allows an attacker to enable SNMP, Modbus, DNP, and any other features in the channel configuration. Also allows attackers to change network parameters, such as IP address, name server, and domain name. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-105187"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14462",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2017-0443",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-08275",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2EC5241-39AB-11E9-9046-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-105187",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "VULHUB",
"id": "VHN-105187"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"id": "VAR-201804-0373",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "VULHUB",
"id": "VHN-105187"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08275"
}
]
},
"last_update_date": "2023-12-18T12:02:25.545000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix 1400 \u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30fb\u30ed\u30b8\u30c3\u30af\u30fb\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fb\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "https://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-1400"
},
{
"title": "Patch for AllenBradleyMicrologix1400SeriesBFRN Access Control Vulnerability (CNVD-2018-08275)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/126967"
},
{
"title": "Rockwell Automation Allen Bradley Micrologix 1400 Series B Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100045"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105187"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "NVD",
"id": "CVE-2017-14462"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0443"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14462"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14462"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0443"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "VULHUB",
"id": "VHN-105187"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "VULHUB",
"id": "VHN-105187"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"date": "2018-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-105187"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"date": "2018-04-05T21:29:00.507000",
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"date": "2017-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105187"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"date": "2022-12-14T16:24:16.707000",
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen Bradley Micrologix 1400 Series Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
],
"trust": 0.8
}
}
VAR-201804-0379
Vulnerability from variot - Updated: 2023-12-18 12:02An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: This ability is leveraged in a larger exploit to flash custom firmware. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0379",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400 b",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 21.2"
},
{
"model": "automation allen bradley micrologix series b frn",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400\u003c=21.2"
},
{
"model": "micrologix 1400 b",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400 b",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca060-39ab-11e9-a634-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08284"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013211"
},
{
"db": "NVD",
"id": "CVE-2017-14468"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-553"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14468"
}
]
},
"cve": "CVE-2017-14468",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14468",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-08284",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2eca060-39ab-11e9-a634-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-105193",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14468",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14468",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14468",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-08284",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-553",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2eca060-39ab-11e9-a634-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-105193",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca060-39ab-11e9-a634-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08284"
},
{
"db": "VULHUB",
"id": "VHN-105193"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013211"
},
{
"db": "NVD",
"id": "CVE-2017-14468"
},
{
"db": "NVD",
"id": "CVE-2017-14468"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-553"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: This ability is leveraged in a larger exploit to flash custom firmware. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14468"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013211"
},
{
"db": "CNVD",
"id": "CNVD-2018-08284"
},
{
"db": "IVD",
"id": "e2eca060-39ab-11e9-a634-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-105193"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14468",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2017-0443",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201709-553",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-08284",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013211",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2ECA060-39AB-11E9-A634-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-105193",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca060-39ab-11e9-a634-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08284"
},
{
"db": "VULHUB",
"id": "VHN-105193"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013211"
},
{
"db": "NVD",
"id": "CVE-2017-14468"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-553"
}
]
},
"id": "VAR-201804-0379",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2eca060-39ab-11e9-a634-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08284"
},
{
"db": "VULHUB",
"id": "VHN-105193"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca060-39ab-11e9-a634-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08284"
}
]
},
"last_update_date": "2023-12-18T12:02:25.255000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix 1400 \u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30fb\u30ed\u30b8\u30c3\u30af\u30fb\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fb\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "https://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-1400"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013211"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105193"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013211"
},
{
"db": "NVD",
"id": "CVE-2017-14468"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0443"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14468"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14468"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0443"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08284"
},
{
"db": "VULHUB",
"id": "VHN-105193"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013211"
},
{
"db": "NVD",
"id": "CVE-2017-14468"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-553"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2eca060-39ab-11e9-a634-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08284"
},
{
"db": "VULHUB",
"id": "VHN-105193"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013211"
},
{
"db": "NVD",
"id": "CVE-2017-14468"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-553"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "IVD",
"id": "e2eca060-39ab-11e9-a634-000c29342cb1"
},
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08284"
},
{
"date": "2018-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-105193"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013211"
},
{
"date": "2018-04-05T21:29:00.913000",
"db": "NVD",
"id": "CVE-2017-14468"
},
{
"date": "2017-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-553"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08284"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105193"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013211"
},
{
"date": "2022-12-14T16:39:30.977000",
"db": "NVD",
"id": "CVE-2017-14468"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-553"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-553"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen Bradley Micrologix 1400 Series Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013211"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "e2eca060-39ab-11e9-a634-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-553"
}
],
"trust": 0.8
}
}
VAR-201804-0380
Vulnerability from variot - Updated: 2023-12-18 12:02An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non-User Description: Values 0x01 and 0x02 are invalid values for the user fault routine. By writing directly to the file it is possible to set these values. When this is done and the device is moved into a run state, a fault is triggered. NOTE: This is not possible through RSLogix. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0380",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400 b",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 21.2"
},
{
"model": "automation allen bradley micrologix series b frn",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400\u003c=21.2"
},
{
"model": "micrologix 1400 b",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400 b",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2ecee81-39ab-11e9-92ac-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08283"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013210"
},
{
"db": "NVD",
"id": "CVE-2017-14469"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-552"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14469"
}
]
},
"cve": "CVE-2017-14469",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14469",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-08283",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2ecee81-39ab-11e9-92ac-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-105194",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14469",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14469",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-08283",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-552",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2ecee81-39ab-11e9-92ac-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-105194",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2ecee81-39ab-11e9-92ac-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08283"
},
{
"db": "VULHUB",
"id": "VHN-105194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013210"
},
{
"db": "NVD",
"id": "CVE-2017-14469"
},
{
"db": "NVD",
"id": "CVE-2017-14469"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-552"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non-User Description: Values 0x01 and 0x02 are invalid values for the user fault routine. By writing directly to the file it is possible to set these values. When this is done and the device is moved into a run state, a fault is triggered. NOTE: This is not possible through RSLogix. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14469"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013210"
},
{
"db": "CNVD",
"id": "CNVD-2018-08283"
},
{
"db": "IVD",
"id": "e2ecee81-39ab-11e9-92ac-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-105194"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14469",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2017-0443",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201709-552",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-08283",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013210",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2ECEE81-39AB-11E9-92AC-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-105194",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2ecee81-39ab-11e9-92ac-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08283"
},
{
"db": "VULHUB",
"id": "VHN-105194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013210"
},
{
"db": "NVD",
"id": "CVE-2017-14469"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-552"
}
]
},
"id": "VAR-201804-0380",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2ecee81-39ab-11e9-92ac-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08283"
},
{
"db": "VULHUB",
"id": "VHN-105194"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2ecee81-39ab-11e9-92ac-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08283"
}
]
},
"last_update_date": "2023-12-18T12:02:25.352000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix 1400 \u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30fb\u30ed\u30b8\u30c3\u30af\u30fb\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fb\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "https://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-1400"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013210"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013210"
},
{
"db": "NVD",
"id": "CVE-2017-14469"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0443"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14469"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14469"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0443"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08283"
},
{
"db": "VULHUB",
"id": "VHN-105194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013210"
},
{
"db": "NVD",
"id": "CVE-2017-14469"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-552"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2ecee81-39ab-11e9-92ac-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08283"
},
{
"db": "VULHUB",
"id": "VHN-105194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013210"
},
{
"db": "NVD",
"id": "CVE-2017-14469"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-552"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "IVD",
"id": "e2ecee81-39ab-11e9-92ac-000c29342cb1"
},
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08283"
},
{
"date": "2018-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-105194"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013210"
},
{
"date": "2018-04-05T21:29:00.977000",
"db": "NVD",
"id": "CVE-2017-14469"
},
{
"date": "2017-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-552"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08283"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-105194"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013210"
},
{
"date": "2022-04-19T19:15:18.093000",
"db": "NVD",
"id": "CVE-2017-14469"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-552"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-552"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen Bradley Micrologix 1400 Series Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013210"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "e2ecee81-39ab-11e9-92ac-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-552"
}
],
"trust": 0.8
}
}
VAR-201804-0374
Vulnerability from variot - Updated: 2023-12-18 12:02An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0374",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400 b",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 21.2"
},
{
"model": "automation allen bradley micrologix series b frn",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400\u003c=21.2"
},
{
"model": "micrologix 1400 b",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400 b",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2ecee80-39ab-11e9-b0e1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08280"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013213"
},
{
"db": "NVD",
"id": "CVE-2017-14463"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-558"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14463"
}
]
},
"cve": "CVE-2017-14463",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14463",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-08280",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2ecee80-39ab-11e9-b0e1-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-105188",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14463",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14463",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14463",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-08280",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-558",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2ecee80-39ab-11e9-b0e1-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-105188",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2ecee80-39ab-11e9-b0e1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08280"
},
{
"db": "VULHUB",
"id": "VHN-105188"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013213"
},
{
"db": "NVD",
"id": "CVE-2017-14463"
},
{
"db": "NVD",
"id": "CVE-2017-14463"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-558"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14463"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013213"
},
{
"db": "CNVD",
"id": "CNVD-2018-08280"
},
{
"db": "IVD",
"id": "e2ecee80-39ab-11e9-b0e1-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-105188"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14463",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2017-0443",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201709-558",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-08280",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013213",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2ECEE80-39AB-11E9-B0E1-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-105188",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2ecee80-39ab-11e9-b0e1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08280"
},
{
"db": "VULHUB",
"id": "VHN-105188"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013213"
},
{
"db": "NVD",
"id": "CVE-2017-14463"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-558"
}
]
},
"id": "VAR-201804-0374",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2ecee80-39ab-11e9-b0e1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08280"
},
{
"db": "VULHUB",
"id": "VHN-105188"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2ecee80-39ab-11e9-b0e1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08280"
}
]
},
"last_update_date": "2023-12-18T12:02:25.415000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix 1400 \u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30fb\u30ed\u30b8\u30c3\u30af\u30fb\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fb\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "https://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-1400"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013213"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105188"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013213"
},
{
"db": "NVD",
"id": "CVE-2017-14463"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0443"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14463"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14463"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0443"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08280"
},
{
"db": "VULHUB",
"id": "VHN-105188"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013213"
},
{
"db": "NVD",
"id": "CVE-2017-14463"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-558"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2ecee80-39ab-11e9-b0e1-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08280"
},
{
"db": "VULHUB",
"id": "VHN-105188"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013213"
},
{
"db": "NVD",
"id": "CVE-2017-14463"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-558"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "IVD",
"id": "e2ecee80-39ab-11e9-b0e1-000c29342cb1"
},
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08280"
},
{
"date": "2018-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-105188"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013213"
},
{
"date": "2018-04-05T21:29:00.570000",
"db": "NVD",
"id": "CVE-2017-14463"
},
{
"date": "2017-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-558"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08280"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105188"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013213"
},
{
"date": "2022-12-14T16:25:36.050000",
"db": "NVD",
"id": "CVE-2017-14463"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-558"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-558"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen Bradley Micrologix 1400 Series Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013213"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "e2ecee80-39ab-11e9-b0e1-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-558"
}
],
"trust": 0.8
}
}
VAR-201804-0377
Vulnerability from variot - Updated: 2023-12-18 12:02An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype 0x03 allows users write access, allowing the ability to overwrite the Master Password value stored in the file. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation. An attacker could exploit the vulnerability to override the primary password value stored in the file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0377",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400 b",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 21.2"
},
{
"model": "automation allen bradley micrologix series b frn",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400\u003c=21.2"
},
{
"model": "micrologix 1400 b",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400 b",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca061-39ab-11e9-ab55-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08286"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013208"
},
{
"db": "NVD",
"id": "CVE-2017-14466"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-555"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14466"
}
]
},
"cve": "CVE-2017-14466",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14466",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-08286",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2eca061-39ab-11e9-ab55-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-105191",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14466",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14466",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14466",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-08286",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-555",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2eca061-39ab-11e9-ab55-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-105191",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca061-39ab-11e9-ab55-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08286"
},
{
"db": "VULHUB",
"id": "VHN-105191"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013208"
},
{
"db": "NVD",
"id": "CVE-2017-14466"
},
{
"db": "NVD",
"id": "CVE-2017-14466"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-555"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype 0x03 allows users write access, allowing the ability to overwrite the Master Password value stored in the file. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation. An attacker could exploit the vulnerability to override the primary password value stored in the file",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14466"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013208"
},
{
"db": "CNVD",
"id": "CNVD-2018-08286"
},
{
"db": "IVD",
"id": "e2eca061-39ab-11e9-ab55-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-105191"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14466",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2017-0443",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201709-555",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-08286",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013208",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2ECA061-39AB-11E9-AB55-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-105191",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca061-39ab-11e9-ab55-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08286"
},
{
"db": "VULHUB",
"id": "VHN-105191"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013208"
},
{
"db": "NVD",
"id": "CVE-2017-14466"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-555"
}
]
},
"id": "VAR-201804-0377",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2eca061-39ab-11e9-ab55-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08286"
},
{
"db": "VULHUB",
"id": "VHN-105191"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2eca061-39ab-11e9-ab55-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08286"
}
]
},
"last_update_date": "2023-12-18T12:02:25.483000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix 1400 \u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30fb\u30ed\u30b8\u30c3\u30af\u30fb\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fb\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "https://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-1400"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013208"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105191"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013208"
},
{
"db": "NVD",
"id": "CVE-2017-14466"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0443"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14466"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14466"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0443"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08286"
},
{
"db": "VULHUB",
"id": "VHN-105191"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013208"
},
{
"db": "NVD",
"id": "CVE-2017-14466"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-555"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2eca061-39ab-11e9-ab55-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08286"
},
{
"db": "VULHUB",
"id": "VHN-105191"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013208"
},
{
"db": "NVD",
"id": "CVE-2017-14466"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-555"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "IVD",
"id": "e2eca061-39ab-11e9-ab55-000c29342cb1"
},
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08286"
},
{
"date": "2018-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-105191"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013208"
},
{
"date": "2018-04-05T21:29:00.787000",
"db": "NVD",
"id": "CVE-2017-14466"
},
{
"date": "2017-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-555"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08286"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105191"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013208"
},
{
"date": "2022-12-14T16:28:44.553000",
"db": "NVD",
"id": "CVE-2017-14466"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-555"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-555"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen Bradley Micrologix 1400 Series Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013208"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "e2eca061-39ab-11e9-ab55-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-555"
}
],
"trust": 0.8
}
}
CVE-2022-2179 (GCVE-0-2022-2179)
Vulnerability from cvelistv5 – Published: 2022-07-20 15:36 – Updated: 2025-04-16 16:14
VLAI?
Title
ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames
Summary
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Rockwell Automation | MicroLogix 1400 |
Affected:
unspecified , ≤ 21.007
(custom)
|
|||||||
|
|||||||||
Credits
Pawan V. Sable and Pranita Binnar from Veermata Jijabai Technological Institute (VJTI) reported this vulnerability to Rockwell Automation.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:07.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:51:04.270712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:14:37.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MicroLogix 1400",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "21.007",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "MicroLogix 1100",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pawan V. Sable and Pranita Binnar from Veermata Jijabai Technological Institute (VJTI) reported this vulnerability to Rockwell Automation."
}
],
"datePublic": "2022-07-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T15:36:32.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames",
"workarounds": [
{
"lang": "en",
"value": "Rockwell Automation encourages those using the affected software to implement the mitigations below to minimize risk. Additionally, Rockwell Automation encourages users to combine risk mitigations with security best practices (also provided below) to deploy a defense-in-depth strategy.\n\n Disable the web server where possible (this component is an optional feature and disabling it will not disrupt the intended use of the device).\n Configure firewalls to disallow network communication through HTTP/Port 80\n\nIf applying the mitigations noted above are not possible, please see Rockwell Automation\u2019s Knowledgebase article QA43240 Security Best Practices.\n\nFor more information, please see the industrial security advisory from Rockwell Automation."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-07-19T20:09:00.000Z",
"ID": "CVE-2022-2179",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MicroLogix 1400",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "21.007"
}
]
}
},
{
"product_name": "MicroLogix 1100",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pawan V. Sable and Pranita Binnar from Veermata Jijabai Technological Institute (VJTI) reported this vulnerability to Rockwell Automation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1021"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Rockwell Automation encourages those using the affected software to implement the mitigations below to minimize risk. Additionally, Rockwell Automation encourages users to combine risk mitigations with security best practices (also provided below) to deploy a defense-in-depth strategy.\n\n Disable the web server where possible (this component is an optional feature and disabling it will not disrupt the intended use of the device).\n Configure firewalls to disallow network communication through HTTP/Port 80\n\nIf applying the mitigations noted above are not possible, please see Rockwell Automation\u2019s Knowledgebase article QA43240 Security Best Practices.\n\nFor more information, please see the industrial security advisory from Rockwell Automation."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2179",
"datePublished": "2022-07-20T15:36:33.007Z",
"dateReserved": "2022-06-22T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:14:37.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2179 (GCVE-0-2022-2179)
Vulnerability from nvd – Published: 2022-07-20 15:36 – Updated: 2025-04-16 16:14
VLAI?
Title
ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames
Summary
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Rockwell Automation | MicroLogix 1400 |
Affected:
unspecified , ≤ 21.007
(custom)
|
|||||||
|
|||||||||
Credits
Pawan V. Sable and Pranita Binnar from Veermata Jijabai Technological Institute (VJTI) reported this vulnerability to Rockwell Automation.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:07.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:51:04.270712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:14:37.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MicroLogix 1400",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "21.007",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "MicroLogix 1100",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pawan V. Sable and Pranita Binnar from Veermata Jijabai Technological Institute (VJTI) reported this vulnerability to Rockwell Automation."
}
],
"datePublic": "2022-07-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T15:36:32.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames",
"workarounds": [
{
"lang": "en",
"value": "Rockwell Automation encourages those using the affected software to implement the mitigations below to minimize risk. Additionally, Rockwell Automation encourages users to combine risk mitigations with security best practices (also provided below) to deploy a defense-in-depth strategy.\n\n Disable the web server where possible (this component is an optional feature and disabling it will not disrupt the intended use of the device).\n Configure firewalls to disallow network communication through HTTP/Port 80\n\nIf applying the mitigations noted above are not possible, please see Rockwell Automation\u2019s Knowledgebase article QA43240 Security Best Practices.\n\nFor more information, please see the industrial security advisory from Rockwell Automation."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-07-19T20:09:00.000Z",
"ID": "CVE-2022-2179",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MicroLogix 1400",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "21.007"
}
]
}
},
{
"product_name": "MicroLogix 1100",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pawan V. Sable and Pranita Binnar from Veermata Jijabai Technological Institute (VJTI) reported this vulnerability to Rockwell Automation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1021"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Rockwell Automation encourages those using the affected software to implement the mitigations below to minimize risk. Additionally, Rockwell Automation encourages users to combine risk mitigations with security best practices (also provided below) to deploy a defense-in-depth strategy.\n\n Disable the web server where possible (this component is an optional feature and disabling it will not disrupt the intended use of the device).\n Configure firewalls to disallow network communication through HTTP/Port 80\n\nIf applying the mitigations noted above are not possible, please see Rockwell Automation\u2019s Knowledgebase article QA43240 Security Best Practices.\n\nFor more information, please see the industrial security advisory from Rockwell Automation."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2179",
"datePublished": "2022-07-20T15:36:33.007Z",
"dateReserved": "2022-06-22T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:14:37.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}