Details of VAR-201603-0334

ID

VAR-201603-0334

TITLE

Rockwell Automation MicroLogix 1200 EtherNetIP Stack Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-01430

DESCRIPTION

Rockwell Automation PLC Micro Logix 1200 is an integrated controller for processors, power supplies, and embedded input and output points. Rockwell Automation PLC Micrologix 1200 uses EthernetIP protocol for industrial control communication. When the length field value of the EthernetIP protocol "NOP" message that communicates with Micrologix 1200 is set to 0x00945, and the connection is repeatedly established with it, the Ethernet protocol stack crashes, but the ping is still reachable. You need to shut down and restart to restore the EtherNetIP service. Allows an attacker to use this vulnerability to launch a denial of service attack

Trust: 0.72

sources: CNVD: CNVD-2016-01430 // IVD: 0d2ef4a8-1e44-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 0d2ef4a8-1e44-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01430

AFFECTED PRODUCTS

vendor:

rockwell

model:

automation plc micrologix

scope:

version:

1200

Trust: 0.8

sources: IVD: 0d2ef4a8-1e44-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01430

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-01430
value:	MEDIUM
Trust: 0.6
IVD:	0d2ef4a8-1e44-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2016-01430
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	0d2ef4a8-1e44-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 0d2ef4a8-1e44-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01430

TYPE

Denial of service

Trust: 0.2

sources: IVD: 0d2ef4a8-1e44-11e6-abef-000c29c66e3d

EXTERNAL IDS

db:	CNVD	id:	CNVD-2016-01430	Trust: 0.8
db:	IVD	id:	0D2EF4A8-1E44-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 0d2ef4a8-1e44-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-01430

SOURCES

db:	IVD	id:	0d2ef4a8-1e44-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2016-01430

LAST UPDATE DATE

2022-05-17T02:01:09.654000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-01430

date:

2016-03-03T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	0d2ef4a8-1e44-11e6-abef-000c29c66e3d	date:	2016-03-03T00:00:00
db:	CNVD	id:	CNVD-2016-01430	date:	2016-02-29T00:00:00