Versio.io

CVE-2018-17924

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 07-12-2018 03:29
Last modified: - 02-05-2022 09:26
Total changes: - 2

Description

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Low
Attack complexity
Network
Attack vector
High
Availability
None
Confidentiality
None
Integrity
None
Privileges required
Changed
Scope
None
User interaction
8.6
Base score
3.9
4.0
Exploitability score
Impact score
 

Verification logic

OR
AND
OR
vendor=rockwellautomation AND product=micrologix_1400_firmware AND version=-
OR
vendor=rockwellautomation AND product=micrologix_1400 AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-enbt_firmware AND version=-
OR
vendor=rockwellautomation AND product=1756-enbt AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-eweb_series_a_firmware AND version=-
OR
vendor=rockwellautomation AND product=1756-eweb_series_a AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-eweb_series_b_firmware AND version=-
OR
vendor=rockwellautomation AND product=1756-eweb_series_b AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-en2f_series_a_firmware AND version=-
OR
vendor=rockwellautomation AND product=1756-en2f_series_a AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-en2f_series_b_firmware AND version=-
OR
vendor=rockwellautomation AND product=1756-en2f_series_b AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-en2f_series_c_firmware AND versionEndIncluding=10.10
OR
vendor=rockwellautomation AND product=1756-en2f_series_c AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-en2t_series_a_firmware AND version=-
OR
vendor=rockwellautomation AND product=1756-en2t_series_a AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-en2t_series_b_firmware AND version=-
OR
vendor=rockwellautomation AND product=1756-en2t_series_b AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-en2t_series_c_firmware AND version=-
OR
vendor=rockwellautomation AND product=1756-en2t_series_c AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-en2t_series_d_firmware AND versionEndIncluding=10.10
OR
vendor=rockwellautomation AND product=1756-en2t_series_d AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-en2tr_series_a_firmware AND version=-
OR
vendor=rockwellautomation AND product=1756-en2tr_series_a AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-en2tr_series_b_firmware AND version=-
OR
vendor=rockwellautomation AND product=1756-en2tr_series_b AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-en2tr_series_c_firmware AND versionEndIncluding=10.10
OR
vendor=rockwellautomation AND product=1756-en2tr_series_c AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-en3tr_series_a_firmware AND version=-
OR
vendor=rockwellautomation AND product=1756-en3tr_series_a AND version=-
AND
OR
vendor=rockwellautomation AND product=1756-en3tr_series_b_firmware AND versionEndIncluding=10.10
OR
vendor=rockwellautomation AND product=1756-en3tr_series_b AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2018-17924

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.