Sign-up

ID

VAR-201410-1157


CVE

CVE-2014-5410


TITLE

Rockwell Micrologix 1400 DNP3 Denial of service vulnerability

Trust: 0.8

sources: IVD: ccdd94f0-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06674

DESCRIPTION

The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell Micrologix 1400 DNP3 is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users

Trust: 2.7

sources: NVD: CVE-2014-5410 // JVNDB: JVNDB-2014-004524 // CNVD: CNVD-2014-06674 // BID: 70194 // IVD: ccdd94f0-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-73351

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: ccdd94f0-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06674

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:ab micrologix controllerscope:eqversion:1400

Trust: 1.6

vendor:rockwell automationmodel:allen-bradley micrologix 1400 controllerscope:lteversion:1766-lxxxxx series a frn 7

Trust: 0.8

vendor:rockwell automationmodel:allen-bradley micrologix 1400 controllerscope:lteversion:1766-lxxxxx series b frn 15.000

Trust: 0.8

vendor:rockwellmodel:automation micrologix dnp3scope:eqversion:1400

Trust: 0.6

vendor:rockwellmodel:automation micrologix 1766-lxxxxx series b frnscope:eqversion:140015.000

Trust: 0.3

vendor:rockwellmodel:automation micrologix 1766-lxxxxx series a frnscope:eqversion:14007

Trust: 0.3

vendor:rockwellmodel:automation micrologix 1766-lxxxxx series b frnscope:neversion:140015.001

Trust: 0.3

vendor:ab micrologix controllermodel: - scope:eqversion:1400

Trust: 0.2

sources: IVD: ccdd94f0-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06674 // BID: 70194 // JVNDB: JVNDB-2014-004524 // CNNVD: CNNVD-201410-076 // NVD: CVE-2014-5410

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5410
value: HIGH

Trust: 1.0

NVD: CVE-2014-5410
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-06674
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201410-076
value: HIGH

Trust: 0.6

IVD: ccdd94f0-2351-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-73351
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-5410
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-06674
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ccdd94f0-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-73351
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: ccdd94f0-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06674 // VULHUB: VHN-73351 // JVNDB: JVNDB-2014-004524 // CNNVD: CNNVD-201410-076 // NVD: CVE-2014-5410

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-73351 // JVNDB: JVNDB-2014-004524 // NVD: CVE-2014-5410

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-076

TYPE

Resource management error

Trust: 0.8

sources: IVD: ccdd94f0-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201410-076

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004524

PATCH
title:Top Pageurl:http://www.rockwellautomation.com/
Trust: 0.8
title:トップページurl:http://www.rockwellautomation.com/jpn/overview.page
Trust: 0.8
title:Rockwell Micrologix 1400 DNP3 Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/50783
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-06674 // 
            
            
            
            JVNDB: JVNDB-2014-004524

EXTERNAL IDS
db:NVDid:CVE-2014-5410
Trust: 3.6
db:ICS CERTid:ICSA-14-254-02
Trust: 3.4
db:BIDid:70194
Trust: 1.0
db:CNNVDid:CNNVD-201410-076
Trust: 0.9
db:CNVDid:CNVD-2014-06674
Trust: 0.8
db:JVNDBid:JVNDB-2014-004524
Trust: 0.8
db:IVDid:CCDD94F0-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-73351
Trust: 0.1
sources:
            
            
            IVD: ccdd94f0-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2014-06674 // 
            
            
            
            VULHUB: VHN-73351 // 
            
            
            
            BID: 70194 // 
            
            
            
            JVNDB: JVNDB-2014-004524 // 
            
            
            
            CNNVD: CNNVD-201410-076 // 
            
            
            
            NVD: CVE-2014-5410

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-14-254-02
Trust: 3.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5410
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5410
Trust: 0.8
url:http://www.rockwellautomation.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-06674 // 
            
            
            
            VULHUB: VHN-73351 // 
            
            
            
            BID: 70194 // 
            
            
            
            JVNDB: JVNDB-2014-004524 // 
            
            
            
            CNNVD: CNNVD-201410-076 // 
            
            
            
            NVD: CVE-2014-5410

CREDITS
Matthew Luallen of CYBATI.
Trust: 0.3
sources:
            
            
            BID: 70194

SOURCES
db:IVDid:ccdd94f0-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-06674
db:VULHUBid:VHN-73351
db:BIDid:70194
db:JVNDBid:JVNDB-2014-004524
db:CNNVDid:CNNVD-201410-076
db:NVDid:CVE-2014-5410

LAST UPDATE DATE
2025-04-12T23:27:41.512000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-06674date:2014-10-14T00:00:00
db:VULHUBid:VHN-73351date:2014-10-06T00:00:00
db:BIDid:70194date:2014-09-30T00:00:00
db:JVNDBid:JVNDB-2014-004524date:2014-10-07T00:00:00
db:CNNVDid:CNNVD-201410-076date:2014-10-10T00:00:00
db:NVDid:CVE-2014-5410date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:ccdd94f0-2351-11e6-abef-000c29c66e3ddate:2014-10-14T00:00:00
db:CNVDid:CNVD-2014-06674date:2014-10-13T00:00:00
db:VULHUBid:VHN-73351date:2014-10-03T00:00:00
db:BIDid:70194date:2014-09-30T00:00:00
db:JVNDBid:JVNDB-2014-004524date:2014-10-07T00:00:00
db:CNNVDid:CNNVD-201410-076date:2014-10-10T00:00:00
db:NVDid:CVE-2014-5410date:2014-10-03T18:55:06.077