Sign-up

ID

VAR-201806-0158


CVE

CVE-2017-12092


TITLE

Allen Bradley Micrologix 1400 Series B Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-013843

DESCRIPTION

An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an unauthenticated packet to trigger this vulnerability. Rockwell Automation MicroLogix 1400 FRN and MicroLogix 1100 FRN are both programmable logic controller products from Rockwell Automation. An attacker could exploit the vulnerability to manipulate the controller to write programs to a memory module

Trust: 2.43

sources: NVD: CVE-2017-12092 // JVNDB: JVNDB-2017-013843 // CNVD: CNVD-2018-07286 // IVD: e2eb40cf-39ab-11e9-a2d1-000c29342cb1 // VULHUB: VHN-102580

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2eb40cf-39ab-11e9-a2d1-000c29342cb1 // CNVD: CNVD-2018-07286

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:micrologix 1400 bscope:lteversion:21.2

Trust: 1.0

vendor:rockwell automationmodel:micrologix 1400 bscope:lteversion:frn 21.2

Trust: 0.8

vendor:rockwellmodel:automation micrologix frnscope:eqversion:1400<=21.003

Trust: 0.6

vendor:rockwellmodel:automation micrologix frnscope:eqversion:1100<=16.00

Trust: 0.6

vendor:rockwellautomationmodel:micrologix 1400 bscope:eqversion:21.2

Trust: 0.6

vendor:micrologix 1400 bmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2eb40cf-39ab-11e9-a2d1-000c29342cb1 // CNVD: CNVD-2018-07286 // JVNDB: JVNDB-2017-013843 // CNNVD: CNNVD-201804-409 // NVD: CVE-2017-12092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12092
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-12092
value: LOW

Trust: 1.0

NVD: CVE-2017-12092
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-07286
value: LOW

Trust: 0.6

CNNVD: CNNVD-201804-409
value: HIGH

Trust: 0.6

IVD: e2eb40cf-39ab-11e9-a2d1-000c29342cb1
value: MEDIUM

Trust: 0.2

VULHUB: VHN-102580
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12092
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-07286
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2eb40cf-39ab-11e9-a2d1-000c29342cb1
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-102580
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12092
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

talos-cna@cisco.com: CVE-2017-12092
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: IVD: e2eb40cf-39ab-11e9-a2d1-000c29342cb1 // CNVD: CNVD-2018-07286 // VULHUB: VHN-102580 // JVNDB: JVNDB-2017-013843 // CNNVD: CNNVD-201804-409 // NVD: CVE-2017-12092 // NVD: CVE-2017-12092

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-102580 // JVNDB: JVNDB-2017-013843 // NVD: CVE-2017-12092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-409

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-409

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013843

PATCH
title:Top Pageurl:https://www.rockwellautomation.com/site-selection.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-013843

EXTERNAL IDS
db:NVDid:CVE-2017-12092
Trust: 3.3
db:TALOSid:TALOS-2017-0444
Trust: 2.5
db:ICS CERTid:ICSA-18-095-01
Trust: 1.4
db:CNNVDid:CNNVD-201804-409
Trust: 0.9
db:CNVDid:CNVD-2018-07286
Trust: 0.8
db:JVNDBid:JVNDB-2017-013843
Trust: 0.8
db:IVDid:E2EB40CF-39AB-11E9-A2D1-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-102580
Trust: 0.1
sources:
            
            
            IVD: e2eb40cf-39ab-11e9-a2d1-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-07286 // 
            
            
            
            VULHUB: VHN-102580 // 
            
            
            
            JVNDB: JVNDB-2017-013843 // 
            
            
            
            CNNVD: CNNVD-201804-409 // 
            
            
            
            NVD: CVE-2017-12092

REFERENCES
url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0444
Trust: 1.9
url:https://ics-cert.us-cert.gov/advisories/icsa-18-095-01
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12092
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12092
Trust: 0.8
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0444
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-07286 // 
            
            
            
            VULHUB: VHN-102580 // 
            
            
            
            JVNDB: JVNDB-2017-013843 // 
            
            
            
            CNNVD: CNNVD-201804-409 // 
            
            
            
            NVD: CVE-2017-12092

SOURCES
db:IVDid:e2eb40cf-39ab-11e9-a2d1-000c29342cb1
db:CNVDid:CNVD-2018-07286
db:VULHUBid:VHN-102580
db:JVNDBid:JVNDB-2017-013843
db:CNNVDid:CNNVD-201804-409
db:NVDid:CVE-2017-12092

LAST UPDATE DATE
2024-11-23T21:38:55.002000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-07286date:2018-04-10T00:00:00
db:VULHUBid:VHN-102580date:2018-08-01T00:00:00
db:JVNDBid:JVNDB-2017-013843date:2018-10-01T00:00:00
db:CNNVDid:CNNVD-201804-409date:2022-04-20T00:00:00
db:NVDid:CVE-2017-12092date:2024-11-21T03:08:48.807

SOURCES RELEASE DATE
db:IVDid:e2eb40cf-39ab-11e9-a2d1-000c29342cb1date:2018-04-10T00:00:00
db:CNVDid:CNVD-2018-07286date:2018-04-10T00:00:00
db:VULHUBid:VHN-102580date:2018-06-04T00:00:00
db:JVNDBid:JVNDB-2017-013843date:2018-08-16T00:00:00
db:CNNVDid:CNNVD-201804-409date:2018-04-09T00:00:00
db:NVDid:CVE-2017-12092date:2018-06-04T20:29:00.467