cnvd - cnvd-2020-38702

CNVD-2020-38702

Vulnerability from cnvd - Published: 2020-07-14

Title

多款Rockwell Automation产品拒绝服务漏洞

Description

Rockwell Automation MicroLogix 1400 Controllers Series A等都是美国罗克韦尔（Rockwell Automation）公司的可编程逻辑控制器。多款Rockwell Automation产品中存在安全漏洞，该漏洞源于程序缺少身份验证。攻击者可通过发送CIP连接请求，完成连接后发送新的IP配置利用该漏洞修改系统配置并造成设备与系统之间的通信丢失。

Severity

高

Patch Name

多款Rockwell Automation产品拒绝服务漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.rockwellautomation.com

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-17924

Impacted products

Name
['Rockwell Automation MicroLogix 1400 Controllers Series A', 'Rockwell Automation Series B <=21.003', 'Rockwell Automation Series C <=21.003', 'Rockwell Automation 1756-EN2F Series C <=10.10', 'Rockwell Automation 1756-EN2F Series B', 'Rockwell Automation 1756-EN2F Series A', 'Rockwell Automation 1756-EWEB Series B', 'Rockwell Automation 1756-EWEB Series A', 'Rockwell Automation 1756-ENBT', 'Rockwell Automation 1756-EN2TR Series A', 'Rockwell Automation 1756-EN2TR Series B', 'Rockwell Automation Series C <=10.10', 'Rockwell Automation 1756-EN3TR Series A', 'Rockwell Automation 1756-EN3TR Series B <=10.10']

Name

['Rockwell Automation MicroLogix 1400 Controllers Series A', 'Rockwell Automation Series B <=21.003', 'Rockwell Automation Series C <=21.003', 'Rockwell Automation 1756-EN2F Series C <=10.10', 'Rockwell Automation 1756-EN2F Series B', 'Rockwell Automation 1756-EN2F Series A', 'Rockwell Automation 1756-EWEB Series B', 'Rockwell Automation 1756-EWEB Series A', 'Rockwell Automation 1756-ENBT', 'Rockwell Automation 1756-EN2TR Series A', 'Rockwell Automation 1756-EN2TR Series B', 'Rockwell Automation Series C <=10.10', 'Rockwell Automation 1756-EN3TR Series A', 'Rockwell Automation 1756-EN3TR Series B <=10.10']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "106132"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-17924"
    }
  },
  "description": "Rockwell Automation MicroLogix 1400 Controllers Series A\u7b49\u90fd\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u3002\n\n\u591a\u6b3eRockwell Automation\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001CIP\u8fde\u63a5\u8bf7\u6c42\uff0c\u5b8c\u6210\u8fde\u63a5\u540e\u53d1\u9001\u65b0\u7684IP\u914d\u7f6e\u5229\u7528\u8be5\u6f0f\u6d1e\u4fee\u6539\u7cfb\u7edf\u914d\u7f6e\u5e76\u9020\u6210\u8bbe\u5907\u4e0e\u7cfb\u7edf\u4e4b\u95f4\u7684\u901a\u4fe1\u4e22\u5931\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.rockwellautomation.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-38702",
  "openTime": "2020-07-14",
  "patchDescription": "Rockwell Automation MicroLogix 1400 Controllers Series A\u7b49\u90fd\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u3002\r\n\r\n\u591a\u6b3eRockwell Automation\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001CIP\u8fde\u63a5\u8bf7\u6c42\uff0c\u5b8c\u6210\u8fde\u63a5\u540e\u53d1\u9001\u65b0\u7684IP\u914d\u7f6e\u5229\u7528\u8be5\u6f0f\u6d1e\u4fee\u6539\u7cfb\u7edf\u914d\u7f6e\u5e76\u9020\u6210\u8bbe\u5907\u4e0e\u7cfb\u7edf\u4e4b\u95f4\u7684\u901a\u4fe1\u4e22\u5931\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eRockwell Automation\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Rockwell Automation MicroLogix 1400 Controllers Series A",
      "Rockwell Automation Series B \u003c=21.003",
      "Rockwell Automation Series C \u003c=21.003",
      "Rockwell Automation 1756-EN2F Series C \u003c=10.10",
      "Rockwell Automation 1756-EN2F Series B",
      "Rockwell Automation 1756-EN2F Series A",
      "Rockwell Automation 1756-EWEB Series B",
      "Rockwell Automation 1756-EWEB Series A",
      "Rockwell Automation 1756-ENBT",
      "Rockwell Automation 1756-EN2TR Series A",
      "Rockwell Automation 1756-EN2TR Series B",
      "Rockwell Automation Series C \u003c=10.10",
      "Rockwell Automation 1756-EN3TR Series A",
      "Rockwell Automation 1756-EN3TR Series B \u003c=10.10"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-17924",
  "serverity": "\u9ad8",
  "submitTime": "2018-12-13",
  "title": "\u591a\u6b3eRockwell Automation\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-17924 (GCVE-0-2018-17924)

Vulnerability from cvelistv5 – Published: 2018-12-07 14:00 – Updated: 2024-08-05 11:01

Summary

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address.

Severity ?

No CVSS data available.

CWE

CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

Assigner

icscert

References

URL

Tags

	http://www.securityfocus.com/bid/106132	vdb-entryx_refsource_BID
	https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Rockwell Automation	Affected: MicroLogix 1400 Controllers Series A, all versions, Series B, v21.003 and earlier,Series C, v21.003 and earlier, 1756 ControlLogix EtherNet/IP Communications Modules 1756-ENBT, all versions, 1756-EWEB Series A, all versions Series B, all versions, 1756-EN2F Series A, all versions, Series B, all versions, Series C, v10.10 and earlier, 1756-EN2T, Series A, all versions, Series B, all versions, Series C, all versions, Series D, v10.10 and earlier, 1756-EN2TR, Series A, all versions, Series B, all versions, Series C, v10.10 and earlier, 1756-EN3TR, Series A, all versions, Series B, v10.10 and earlier.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:01:14.626Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106132",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106132"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rockwell Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "MicroLogix 1400 Controllers Series A, all versions, Series B, v21.003 and earlier,Series C, v21.003 and earlier, 1756 ControlLogix EtherNet/IP Communications Modules 1756-ENBT, all versions, 1756-EWEB Series A, all versions Series B, all versions, 1756-EN2F Series A, all versions, Series B, all versions, Series C, v10.10 and earlier, 1756-EN2T, Series A, all versions, Series B, all versions, Series C, all versions, Series D, v10.10 and earlier, 1756-EN2TR, Series A, all versions, Series B, all versions, Series C, v10.10 and earlier, 1756-EN3TR, Series A, all versions, Series B, v10.10 and earlier."
            }
          ]
        }
      ],
      "datePublic": "2018-12-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-08T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "106132",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106132"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2018-17924",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rockwell Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MicroLogix 1400 Controllers Series A, all versions, Series B, v21.003 and earlier,Series C, v21.003 and earlier, 1756 ControlLogix EtherNet/IP Communications Modules 1756-ENBT, all versions, 1756-EWEB Series A, all versions Series B, all versions, 1756-EN2F Series A, all versions, Series B, all versions, Series C, v10.10 and earlier, 1756-EN2T, Series A, all versions, Series B, all versions, Series C, all versions, Series D, v10.10 and earlier, 1756-EN2TR, Series A, all versions, Series B, all versions, Series C, v10.10 and earlier, 1756-EN3TR, Series A, all versions, Series B, v10.10 and earlier."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106132",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106132"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-17924",
    "datePublished": "2018-12-07T14:00:00",
    "dateReserved": "2018-10-02T00:00:00",
    "dateUpdated": "2024-08-05T11:01:14.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-38702

CVE-2018-17924 (GCVE-0-2018-17924)

Tags

Sightings

Nomenclature