Vulnerability CVE-2018-17924


Published: 2018-12-07

Description:
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address.

Type:

CWE-306

(Missing Authentication for Critical Function)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Rockwellautomation -> Micrologix 1400 firmware 
Rockwellautomation -> 1756-en2f series a firmware 
Rockwellautomation -> 1756-en2f series b firmware 
Rockwellautomation -> 1756-en2f series c firmware 
Rockwellautomation -> 1756-en2t series a firmware 
Rockwellautomation -> 1756-en2t series b firmware 
Rockwellautomation -> 1756-en2t series c firmware 
Rockwellautomation -> 1756-en2t series d firmware 
Rockwellautomation -> 1756-en2tr series a firmware 
Rockwellautomation -> 1756-en2tr series b firmware 
Rockwellautomation -> 1756-en2tr series c firmware 
Rockwellautomation -> 1756-en3tr series a firmware 
Rockwellautomation -> 1756-en3tr series b firmware 
Rockwellautomation -> 1756-enbt firmware 
Rockwellautomation -> 1756-eweb series a firmware 
Rockwellautomation -> 1756-eweb series b firmware 

 References:
http://www.securityfocus.com/bid/106132
https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02

Copyright 2022, cxsecurity.com

 

Back to Top