Sign-up

ID

VAR-201804-0384


CVE

CVE-2017-14473


TITLE

Allen Bradley Micrologix 1400 Series B FRN Access control vulnerability

Trust: 0.8

sources: IVD: e2ec5242-39ab-11e9-9528-000c29342cb1 // CNVD: CNVD-2018-08276

DESCRIPTION

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Reads the encoded ladder logic from its data file and print it out in HEX. The AllenBradley Micrologix 1400 SeriesBFRN is a programmable logic controller from Rockwell Automation

Trust: 2.43

sources: NVD: CVE-2017-14473 // JVNDB: JVNDB-2017-013222 // CNVD: CNVD-2018-08276 // IVD: e2ec5242-39ab-11e9-9528-000c29342cb1 // VULHUB: VHN-105199

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2ec5242-39ab-11e9-9528-000c29342cb1 // CNVD: CNVD-2018-08276

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:micrologix 1400 bscope:lteversion:21.2

Trust: 1.0

vendor:rockwell automationmodel:allen-bradley micrologixscope:lteversion:1400 series b frn 21.2

Trust: 0.8

vendor:rockwellmodel:automation allen bradley micrologix series b frnscope:eqversion:1400<=21.2

Trust: 0.6

vendor:rockwellautomationmodel:micrologix 1400 bscope:eqversion:21.2

Trust: 0.6

vendor:micrologix 1400 bmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2ec5242-39ab-11e9-9528-000c29342cb1 // CNVD: CNVD-2018-08276 // JVNDB: JVNDB-2017-013222 // CNNVD: CNNVD-201709-548 // NVD: CVE-2017-14473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14473
value: CRITICAL

Trust: 1.0

talos-cna@cisco.com: CVE-2017-14473
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-14473
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-08276
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-548
value: CRITICAL

Trust: 0.6

IVD: e2ec5242-39ab-11e9-9528-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-105199
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-14473
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-08276
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2ec5242-39ab-11e9-9528-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-105199
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14473
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

talos-cna@cisco.com: CVE-2017-14473
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.0

Trust: 1.0

sources: IVD: e2ec5242-39ab-11e9-9528-000c29342cb1 // CNVD: CNVD-2018-08276 // VULHUB: VHN-105199 // JVNDB: JVNDB-2017-013222 // CNNVD: CNNVD-201709-548 // NVD: CVE-2017-14473 // NVD: CVE-2017-14473

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-105199 // JVNDB: JVNDB-2017-013222 // NVD: CVE-2017-14473

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-548

TYPE

Access control error

Trust: 0.8

sources: IVD: e2ec5242-39ab-11e9-9528-000c29342cb1 // CNNVD: CNNVD-201709-548

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013222

PATCH
title:MicroLogix 1400 Programmable Logic Controller Systemsurl:https://ab.rockwellautomation.com/Programmable-Controllers/MicroLogix-1400
Trust: 0.8
title:Patch for AllenBradleyMicrologix1400SeriesBFRN Access Control Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/126979
Trust: 0.6
title:Rockwell Automation Allen Bradley Micrologix 1400 Series B Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100044
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08276 // 
            
            
            
            JVNDB: JVNDB-2017-013222 // 
            
            
            
            CNNVD: CNNVD-201709-548

EXTERNAL IDS
db:NVDid:CVE-2017-14473
Trust: 3.3
db:TALOSid:TALOS-2017-0443
Trust: 3.1
db:CNNVDid:CNNVD-201709-548
Trust: 0.9
db:CNVDid:CNVD-2018-08276
Trust: 0.8
db:JVNDBid:JVNDB-2017-013222
Trust: 0.8
db:IVDid:E2EC5242-39AB-11E9-9528-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-105199
Trust: 0.1
sources:
            
            
            IVD: e2ec5242-39ab-11e9-9528-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-08276 // 
            
            
            
            VULHUB: VHN-105199 // 
            
            
            
            JVNDB: JVNDB-2017-013222 // 
            
            
            
            CNNVD: CNNVD-201709-548 // 
            
            
            
            NVD: CVE-2017-14473

REFERENCES
url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0443
Trust: 3.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14473
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14473
Trust: 0.8
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0443
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08276 // 
            
            
            
            VULHUB: VHN-105199 // 
            
            
            
            JVNDB: JVNDB-2017-013222 // 
            
            
            
            CNNVD: CNNVD-201709-548 // 
            
            
            
            NVD: CVE-2017-14473

SOURCES
db:IVDid:e2ec5242-39ab-11e9-9528-000c29342cb1
db:CNVDid:CNVD-2018-08276
db:VULHUBid:VHN-105199
db:JVNDBid:JVNDB-2017-013222
db:CNNVDid:CNNVD-201709-548
db:NVDid:CVE-2017-14473

LAST UPDATE DATE
2024-11-23T21:39:27.713000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-08276date:2018-04-25T00:00:00
db:VULHUBid:VHN-105199date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-013222date:2018-06-07T00:00:00
db:CNNVDid:CNNVD-201709-548date:2022-04-20T00:00:00
db:NVDid:CVE-2017-14473date:2024-11-21T03:12:51.763

SOURCES RELEASE DATE
db:IVDid:e2ec5242-39ab-11e9-9528-000c29342cb1date:2018-04-25T00:00:00
db:CNVDid:CNVD-2018-08276date:2018-04-25T00:00:00
db:VULHUBid:VHN-105199date:2018-04-05T00:00:00
db:JVNDBid:JVNDB-2017-013222date:2018-06-07T00:00:00
db:CNNVDid:CNNVD-201709-548date:2017-09-14T00:00:00
db:NVDid:CVE-2017-14473date:2018-04-05T21:29:01.193