ID

VAR-201804-0358


CVE

CVE-2017-12093


TITLE

Allen Bradley Micrologix 1400 Series Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013206

DESCRIPTION

An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability. Allen Bradley Micrologix 1400 Series Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The AllenBradleyMicrologix1400SeriesB is a programmable logic controller from Rockwell Automation

Trust: 2.43

sources: NVD: CVE-2017-12093 // JVNDB: JVNDB-2017-013206 // CNVD: CNVD-2018-07285 // IVD: e2eaf2b1-39ab-11e9-ba42-000c29342cb1 // VULHUB: VHN-102581

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2eaf2b1-39ab-11e9-ba42-000c29342cb1 // CNVD: CNVD-2018-07285

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:micrologix 1400 bscope:lteversion:21.2

Trust: 1.0

vendor:rockwell automationmodel:micrologix 1400scope:lteversion:b 21.2

Trust: 0.8

vendor:rockwellmodel:automation allen bradley micrologix series bscope:eqversion:1400<=21.2

Trust: 0.6

vendor:rockwellautomationmodel:micrologix 1400 bscope:eqversion:21.2

Trust: 0.6

vendor:micrologix 1400 bmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2eaf2b1-39ab-11e9-ba42-000c29342cb1 // CNVD: CNVD-2018-07285 // JVNDB: JVNDB-2017-013206 // CNNVD: CNNVD-201804-251 // NVD: CVE-2017-12093

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12093
value: MEDIUM

Trust: 1.0

talos-cna@cisco.com: CVE-2017-12093
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12093
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-07285
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201804-251
value: MEDIUM

Trust: 0.6

IVD: e2eaf2b1-39ab-11e9-ba42-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-102581
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12093
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-07285
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2eaf2b1-39ab-11e9-ba42-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-102581
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12093
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-12093
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2017-12093
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: e2eaf2b1-39ab-11e9-ba42-000c29342cb1 // CNVD: CNVD-2018-07285 // VULHUB: VHN-102581 // JVNDB: JVNDB-2017-013206 // CNNVD: CNNVD-201804-251 // NVD: CVE-2017-12093 // NVD: CVE-2017-12093

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-102581 // JVNDB: JVNDB-2017-013206 // NVD: CVE-2017-12093

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-251

TYPE

Resource management error

Trust: 0.8

sources: IVD: e2eaf2b1-39ab-11e9-ba42-000c29342cb1 // CNNVD: CNNVD-201804-251

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013206

PATCH

title:MicroLogix 1400 プログラマブル・ロジック・コントローラ・システムurl:https://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-1400

Trust: 0.8

title:RockwellAutomationAllenBradleyMicrologix1400SeriesB Resource Pool Insufficient Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/125125

Trust: 0.6

title:Rockwell Automation Allen Bradley Micrologix 1400 Series B Remediation of resource management error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=83093

Trust: 0.6

sources: CNVD: CNVD-2018-07285 // JVNDB: JVNDB-2017-013206 // CNNVD: CNNVD-201804-251

EXTERNAL IDS

db:NVDid:CVE-2017-12093

Trust: 3.3

db:TALOSid:TALOS-2017-0445

Trust: 3.1

db:CNVDid:CNVD-2018-07285

Trust: 0.8

db:CNNVDid:CNNVD-201804-251

Trust: 0.8

db:ICS CERTid:ICSA-18-095-01

Trust: 0.8

db:JVNDBid:JVNDB-2017-013206

Trust: 0.8

db:IVDid:E2EAF2B1-39AB-11E9-BA42-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-102581

Trust: 0.1

sources: IVD: e2eaf2b1-39ab-11e9-ba42-000c29342cb1 // CNVD: CNVD-2018-07285 // VULHUB: VHN-102581 // JVNDB: JVNDB-2017-013206 // CNNVD: CNNVD-201804-251 // NVD: CVE-2017-12093

REFERENCES

url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0445

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12093

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12093

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-18-095-01

Trust: 0.8

url:https://talosintelligence.com/vulnerability_reports/talos-2017-0445

Trust: 0.6

sources: CNVD: CNVD-2018-07285 // VULHUB: VHN-102581 // JVNDB: JVNDB-2017-013206 // CNNVD: CNNVD-201804-251 // NVD: CVE-2017-12093

SOURCES

db:IVDid:e2eaf2b1-39ab-11e9-ba42-000c29342cb1
db:CNVDid:CNVD-2018-07285
db:VULHUBid:VHN-102581
db:JVNDBid:JVNDB-2017-013206
db:CNNVDid:CNNVD-201804-251
db:NVDid:CVE-2017-12093

LAST UPDATE DATE

2024-11-23T21:38:55.070000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-07285date:2018-04-10T00:00:00
db:VULHUBid:VHN-102581date:2023-01-28T00:00:00
db:JVNDBid:JVNDB-2017-013206date:2018-07-04T00:00:00
db:CNNVDid:CNNVD-201804-251date:2023-02-01T00:00:00
db:NVDid:CVE-2017-12093date:2024-11-21T03:08:48.920

SOURCES RELEASE DATE

db:IVDid:e2eaf2b1-39ab-11e9-ba42-000c29342cb1date:2018-04-10T00:00:00
db:CNVDid:CNVD-2018-07285date:2018-04-10T00:00:00
db:VULHUBid:VHN-102581date:2018-04-05T00:00:00
db:JVNDBid:JVNDB-2017-013206date:2018-06-06T00:00:00
db:CNNVDid:CNNVD-201804-251date:2018-04-05T00:00:00
db:NVDid:CVE-2017-12093date:2018-04-05T21:29:00.460