ID
VAR-201804-0358
CVE
CVE-2017-12093
TITLE
Allen Bradley Micrologix 1400 Series Resource management vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2017-013206
DESCRIPTION
An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability. Allen Bradley Micrologix 1400 Series Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The AllenBradleyMicrologix1400SeriesB is a programmable logic controller from Rockwell Automation
Trust: 2.43
sources:
NVD: CVE-2017-12093 //
JVNDB: JVNDB-2017-013206 //
CNVD: CNVD-2018-07285 //
IVD: e2eaf2b1-39ab-11e9-ba42-000c29342cb1 //
VULHUB: VHN-102581
IOT TAXONOMY
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
| category: | ['ICS'] | sub_category: | - | Trust: 0.2 |
sources:
IVD: e2eaf2b1-39ab-11e9-ba42-000c29342cb1 //
CNVD: CNVD-2018-07285
AFFECTED PRODUCTS
| vendor: | rockwellautomation | model: | micrologix 1400 b | scope: | lte | version: | 21.2 | Trust: 1.0 |
| vendor: | rockwell automation | model: | micrologix 1400 | scope: | lte | version: | b 21.2 | Trust: 0.8 |
| vendor: | rockwell | model: | automation allen bradley micrologix series b | scope: | eq | version: | 1400<=21.2 | Trust: 0.6 |
| vendor: | rockwellautomation | model: | micrologix 1400 b | scope: | eq | version: | 21.2 | Trust: 0.6 |
| vendor: | micrologix 1400 b | model: | - | scope: | eq | version: | * | Trust: 0.2 |
sources:
IVD: e2eaf2b1-39ab-11e9-ba42-000c29342cb1 //
CNVD: CNVD-2018-07285 //
JVNDB: JVNDB-2017-013206 //
CNNVD: CNNVD-201804-251 //
NVD: CVE-2017-12093
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
IVD: e2eaf2b1-39ab-11e9-ba42-000c29342cb1 //
CNVD: CNVD-2018-07285 //
VULHUB: VHN-102581 //
JVNDB: JVNDB-2017-013206 //
CNNVD: CNNVD-201804-251 //
NVD: CVE-2017-12093 //
NVD: CVE-2017-12093
PROBLEMTYPE DATA
| problemtype: | CWE-400 | Trust: 1.1 |
| problemtype: | CWE-399 | Trust: 0.9 |
sources:
VULHUB: VHN-102581 //
JVNDB: JVNDB-2017-013206 //
NVD: CVE-2017-12093
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201804-251
TYPE
Resource management error
Trust: 0.8
sources:
IVD: e2eaf2b1-39ab-11e9-ba42-000c29342cb1 //
CNNVD: CNNVD-201804-251
CONFIGURATIONS
sources:
JVNDB: JVNDB-2017-013206
PATCH
| title: | MicroLogix 1400 プログラマブル・ロジック・コントローラ・システム | url: | https://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-1400 | Trust: 0.8 |
| title: | RockwellAutomationAllenBradleyMicrologix1400SeriesB Resource Pool Insufficient Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/125125 | Trust: 0.6 |
| title: | Rockwell Automation Allen Bradley Micrologix 1400 Series B Remediation of resource management error vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=83093 | Trust: 0.6 |
sources:
CNVD: CNVD-2018-07285 //
JVNDB: JVNDB-2017-013206 //
CNNVD: CNNVD-201804-251
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-12093 | Trust: 3.3 |
| db: | TALOS | id: | TALOS-2017-0445 | Trust: 3.1 |
| db: | CNVD | id: | CNVD-2018-07285 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201804-251 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-18-095-01 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2017-013206 | Trust: 0.8 |
| db: | IVD | id: | E2EAF2B1-39AB-11E9-BA42-000C29342CB1 | Trust: 0.2 |
| db: | VULHUB | id: | VHN-102581 | Trust: 0.1 |
sources:
IVD: e2eaf2b1-39ab-11e9-ba42-000c29342cb1 //
CNVD: CNVD-2018-07285 //
VULHUB: VHN-102581 //
JVNDB: JVNDB-2017-013206 //
CNNVD: CNNVD-201804-251 //
NVD: CVE-2017-12093
REFERENCES
| url: | https://www.talosintelligence.com/vulnerability_reports/talos-2017-0445 | Trust: 3.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-12093 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12093 | Trust: 0.8 |
| url: | https://ics-cert.us-cert.gov/advisories/icsa-18-095-01 | Trust: 0.8 |
| url: | https://talosintelligence.com/vulnerability_reports/talos-2017-0445 | Trust: 0.6 |
sources:
CNVD: CNVD-2018-07285 //
VULHUB: VHN-102581 //
JVNDB: JVNDB-2017-013206 //
CNNVD: CNNVD-201804-251 //
NVD: CVE-2017-12093
SOURCES
| db: | IVD | id: | e2eaf2b1-39ab-11e9-ba42-000c29342cb1 |
| db: | CNVD | id: | CNVD-2018-07285 |
| db: | VULHUB | id: | VHN-102581 |
| db: | JVNDB | id: | JVNDB-2017-013206 |
| db: | CNNVD | id: | CNNVD-201804-251 |
| db: | NVD | id: | CVE-2017-12093 |
LAST UPDATE DATE
2024-11-23T21:38:55.070000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2018-07285 | date: | 2018-04-10T00:00:00 |
| db: | VULHUB | id: | VHN-102581 | date: | 2023-01-28T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-013206 | date: | 2018-07-04T00:00:00 |
| db: | CNNVD | id: | CNNVD-201804-251 | date: | 2023-02-01T00:00:00 |
| db: | NVD | id: | CVE-2017-12093 | date: | 2024-11-21T03:08:48.920 |
SOURCES RELEASE DATE
| db: | IVD | id: | e2eaf2b1-39ab-11e9-ba42-000c29342cb1 | date: | 2018-04-10T00:00:00 |
| db: | CNVD | id: | CNVD-2018-07285 | date: | 2018-04-10T00:00:00 |
| db: | VULHUB | id: | VHN-102581 | date: | 2018-04-05T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-013206 | date: | 2018-06-06T00:00:00 |
| db: | CNNVD | id: | CNNVD-201804-251 | date: | 2018-04-05T00:00:00 |
| db: | NVD | id: | CVE-2017-12093 | date: | 2018-04-05T21:29:00.460 |