ID

VAR-201708-1569


TITLE

Rockwell Automation Allen-Bradley Micro850 PLC Has Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-23436

DESCRIPTION

Allen-Bradley Micro850 is a programmable logic controller (PLC) from Rockwell Automation, Inc. The Rockwell Allen-Bradley Micro850 PLC has a gratuitous ARP denial of service vulnerability. The condition is triggered by sending the Micro850 PLC two consecutive ARP requests in which the ARP sender IP address and the ARP target IP address are both the IP address of the Micro850 PLC. An attacker could exploit the vulnerability to cause the Micro850 PLC's network function to fail so that it cannot work normally; the PLC must be powered off and restarted to restore normal operation.

Trust: 0.72

sources: CNVD: CNVD-2017-23436 // IVD: 3b5da00c-1b46-4967-992d-5f8dcea92fba

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 3b5da00c-1b46-4967-992d-5f8dcea92fba // CNVD: CNVD-2017-23436

AFFECTED PRODUCTS

vendor: rockwell, model: automation allen-bradley micro850 plc, scope: -, version: -

Trust: 0.6

vendor: rockwell, model: automation allen-bradley micro850 plc, scope: eq, version: *

Trust: 0.2

sources: IVD: 3b5da00c-1b46-4967-992d-5f8dcea92fba // CNVD: CNVD-2017-23436

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-23436
value: HIGH

Trust: 0.6

IVD: 3b5da00c-1b46-4967-992d-5f8dcea92fba
value: HIGH

Trust: 0.2

CNVD: CNVD-2017-23436
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 3b5da00c-1b46-4967-992d-5f8dcea92fba
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 3b5da00c-1b46-4967-992d-5f8dcea92fba // CNVD: CNVD-2017-23436

TYPE

Denial of service

Trust: 0.2

sources: IVD: 3b5da00c-1b46-4967-992d-5f8dcea92fba

EXTERNAL IDS

db: CNVD, id: CNVD-2017-23436

Trust: 0.8

db: IVD, id: 3B5DA00C-1B46-4967-992D-5F8DCEA92FBA

Trust: 0.2

sources: IVD: 3b5da00c-1b46-4967-992d-5f8dcea92fba // CNVD: CNVD-2017-23436

SOURCES

db: IVD, id: 3b5da00c-1b46-4967-992d-5f8dcea92fba
db: CNVD, id: CNVD-2017-23436

LAST UPDATE DATE

2022-05-17T01:50:56.755000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-23436, date: 2017-09-05T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 3b5da00c-1b46-4967-992d-5f8dcea92fba, date: 2017-08-28T00:00:00
db: CNVD, id: CNVD-2017-23436, date: 2017-08-28T00:00:00