VAR-201804-0373
Vulnerability from variot - Updated: 2023-12-18 12:02An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG (also RUN for some) Description: Allows an attacker to enable SNMP, Modbus, DNP, and any other features in the channel configuration. Also allows attackers to change network parameters, such as IP address, name server, and domain name. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0373",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1400 b",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 21.2"
},
{
"model": "automation allen bradley micrologix series b frn",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400\u003c=21.2"
},
{
"model": "micrologix 1400 b",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "21.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400 b",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14462"
}
]
},
"cve": "CVE-2017-14462",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14462",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-08275",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-105187",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14462",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14462",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14462",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-08275",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-559",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-105187",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "VULHUB",
"id": "VHN-105187"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG (also RUN for some) Description: Allows an attacker to enable SNMP, Modbus, DNP, and any other features in the channel configuration. Also allows attackers to change network parameters, such as IP address, name server, and domain name. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-105187"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14462",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2017-0443",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-08275",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2EC5241-39AB-11E9-9046-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-105187",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "VULHUB",
"id": "VHN-105187"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"id": "VAR-201804-0373",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "VULHUB",
"id": "VHN-105187"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08275"
}
]
},
"last_update_date": "2023-12-18T12:02:25.545000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix 1400 \u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30fb\u30ed\u30b8\u30c3\u30af\u30fb\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fb\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "https://ab.rockwellautomation.com/ja/programmable-controllers/micrologix-1400"
},
{
"title": "Patch for AllenBradleyMicrologix1400SeriesBFRN Access Control Vulnerability (CNVD-2018-08275)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/126967"
},
{
"title": "Rockwell Automation Allen Bradley Micrologix 1400 Series B Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100045"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105187"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "NVD",
"id": "CVE-2017-14462"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0443"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14462"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14462"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0443"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "VULHUB",
"id": "VHN-105187"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"db": "VULHUB",
"id": "VHN-105187"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"date": "2018-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-105187"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"date": "2018-04-05T21:29:00.507000",
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"date": "2017-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08275"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105187"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013212"
},
{
"date": "2022-12-14T16:24:16.707000",
"db": "NVD",
"id": "CVE-2017-14462"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen Bradley Micrologix 1400 Series Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013212"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "e2ec5241-39ab-11e9-9046-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-559"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…