VAR-201812-0141
Vulnerability from variot - Updated: 2023-12-18 13:56Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address. Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules Is vulnerable to a lack of authentication for critical functions.Service operation interruption (DoS) There is a possibility of being put into a state. Rockwell Automation MicroLogix 1400 Controllers Series A, etc. are programmable logic controllers of Rockwell Automation in the United States. An attacker can exploit this issue to modify system settings to cause a denial-of-service condition. The following products are vulnerable: MicroLogix 1400 Controllers 1756 ControlLogix EtherNet/IP Communications Modules. The following products and versions are affected: MicroLogix 1400 Controllers Series A (all versions), Series B 21.003 and earlier, Series C 21.003 and earlier; 1756-ENBT (all versions), 1756-EWEB Series A (all versions), 1756 -EWEB Series B (all versions), 1756-EN2F Series A (all versions), 1756-EN2F Series B (all versions), 1756-EN2F Series C 10.10 and earlier, 1756-EN2T Series A (all versions), 1756 -EN2T Series B (all versions), 1756-EN2T Series C (all versions), 1756-EN2T 10.10 and earlier, 1756-EN2TR Series A (all versions), 1756-EN2TR Series B (all versions), Series C 10.10 1756-EN3TR Series A (all versions), 1756-EN3TR Series B 10.10 and earlier (1756 ControlLogix EtherNet/IP communication module)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0141",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "1756-en2tr series b",
"scope": "eq",
"trust": 1.6,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2t series b",
"scope": "eq",
"trust": 1.6,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en3tr series a",
"scope": "eq",
"trust": 1.6,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2tr series a",
"scope": "eq",
"trust": 1.6,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2t series c",
"scope": "eq",
"trust": 1.6,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2t series a",
"scope": "eq",
"trust": 1.6,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-eweb series b",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-eweb series a",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "micrologix 1400",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2f series a",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2f series b",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2f series c",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "1756-en3tr series b",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "1756-enbt",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": null
},
{
"model": "1756-en2tr series c",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "1756-en2t series d",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "1756-en2f series",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "1756-en2t series",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "1756-en2tr series",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "1756-en3tr series",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "1756-enbt",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "1756-eweb series",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "micrologix 1400",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation micrologix controllers series a",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400"
},
{
"model": "automation series b",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=21.003"
},
{
"model": "automation series c",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=21.003"
},
{
"model": "automation 1756-en2f series c",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=10.10"
},
{
"model": "automation 1756-en2f series b",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation 1756-en2f series a",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation 1756-eweb series b",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation 1756-eweb series a",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation 1756-enbt",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation 1756-en2tr series a",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation 1756-en2tr series b",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation series c",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=10.10"
},
{
"model": "automation 1756-en3tr series a",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"model": "automation 1756-en3tr series b",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=10.10"
},
{
"model": "1756-en2f series c",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "1756-en2tr series c",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "1756-en3tr series b",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "1756-en2t series d",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "10.10"
},
{
"model": "automation 1756-en3tr series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "10.10"
},
{
"model": "automation 1756-en3tr series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation 1756-en2tr series c",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "10.10"
},
{
"model": "automation 1756-en2tr series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation 1756-en2tr series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation 1756-en2t series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation micrologix controllers series c",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "140021.003"
},
{
"model": "automation micrologix controllers series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "140021.003"
},
{
"model": "automation micrologix controllers series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "14000"
},
{
"model": "automation 1756-eweb series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "0"
},
{
"model": "automation 1756-en2t series d",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "10.10"
},
{
"model": "automation 1756-en2t series c",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "0"
},
{
"model": "automation 1756-en2t series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "0"
},
{
"model": "automation 1756-en2f series c",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "10.10"
},
{
"model": "automation 1756-en2f series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "0"
},
{
"model": "automation 1756-en2f series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "0"
},
{
"model": "automation controllogix ethernet/ip communications modules",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "17560"
},
{
"model": "automation micrologix controllers 1766-lxxx series b frn",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "140021.004"
},
{
"model": "automation controllogix ethernet/ip communications modules frn",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "175611.001"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "BID",
"id": "106132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-enbt_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-enbt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-eweb_series_a_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-eweb_series_a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-eweb_series_b_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-eweb_series_b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2f_series_a_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2f_series_a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2f_series_b_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2f_series_b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2f_series_c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2f_series_c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2t_series_a_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2t_series_a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2t_series_b_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2t_series_b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2t_series_c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2t_series_c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2t_series_d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2t_series_d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2tr_series_a_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2tr_series_a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2tr_series_b_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2tr_series_b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en2tr_series_c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en2tr_series_c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en3tr_series_a_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en3tr_series_a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:1756-en3tr_series_b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rockwellautomation:1756-en3tr_series_b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17924"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Noren",
"sources": [
{
"db": "BID",
"id": "106132"
}
],
"trust": 0.3
},
"cve": "CVE-2018-17924",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17924",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-38702",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-128432",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17924",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17924",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-38702",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-279",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-128432",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "VULHUB",
"id": "VHN-128432"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address. Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules Is vulnerable to a lack of authentication for critical functions.Service operation interruption (DoS) There is a possibility of being put into a state. Rockwell Automation MicroLogix 1400 Controllers Series A, etc. are programmable logic controllers of Rockwell Automation in the United States. \nAn attacker can exploit this issue to modify system settings to cause a denial-of-service condition. \nThe following products are vulnerable:\nMicroLogix 1400 Controllers\n1756 ControlLogix EtherNet/IP Communications Modules. The following products and versions are affected: MicroLogix 1400 Controllers Series A (all versions), Series B 21.003 and earlier, Series C 21.003 and earlier; 1756-ENBT (all versions), 1756-EWEB Series A (all versions), 1756 -EWEB Series B (all versions), 1756-EN2F Series A (all versions), 1756-EN2F Series B (all versions), 1756-EN2F Series C 10.10 and earlier, 1756-EN2T Series A (all versions), 1756 -EN2T Series B (all versions), 1756-EN2T Series C (all versions), 1756-EN2T 10.10 and earlier, 1756-EN2TR Series A (all versions), 1756-EN2TR Series B (all versions), Series C 10.10 1756-EN3TR Series A (all versions), 1756-EN3TR Series B 10.10 and earlier (1756 ControlLogix EtherNet/IP communication module)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "BID",
"id": "106132"
},
{
"db": "VULHUB",
"id": "VHN-128432"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17924",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-18-310-02",
"trust": 2.8
},
{
"db": "BID",
"id": "106132",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-38702",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201812-279",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-98844",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-128432",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "VULHUB",
"id": "VHN-128432"
},
{
"db": "BID",
"id": "106132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"id": "VAR-201812-0141",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "VULHUB",
"id": "VHN-128432"
}
],
"trust": 1.4113095285714286
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
}
]
},
"last_update_date": "2023-12-18T13:56:50.180000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.rockwellautomation.com/global/overview.page"
},
{
"title": "Patch for Multiple Rockwell Automation products denial of service vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/225433"
},
{
"title": "Multiple Rockwell Automation Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87546"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128432"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "NVD",
"id": "CVE-2018-17924"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-310-02"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/106132"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17924"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17924"
},
{
"trust": 0.3,
"url": "http://www.rockwellautomation.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "VULHUB",
"id": "VHN-128432"
},
{
"db": "BID",
"id": "106132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"db": "VULHUB",
"id": "VHN-128432"
},
{
"db": "BID",
"id": "106132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"date": "2018-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-128432"
},
{
"date": "2018-12-06T00:00:00",
"db": "BID",
"id": "106132"
},
{
"date": "2019-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"date": "2018-12-07T14:29:00.663000",
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"date": "2018-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38702"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-128432"
},
{
"date": "2018-12-06T00:00:00",
"db": "BID",
"id": "106132"
},
{
"date": "2019-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013002"
},
{
"date": "2022-05-02T19:26:00.733000",
"db": "NVD",
"id": "CVE-2018-17924"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules Vulnerabilities related to lack of authentication for critical functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013002"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-279"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…