{
  "id": "CVE-2017-14469",
  "sourceIdentifier": "talos-cna@cisco.com",
  "published": "2018-04-05T21:29:00.977",
  "lastModified": "2022-04-19T19:15:18.093",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non-User Description: Values 0x01 and 0x02 are invalid values for the user fault routine. By writing directly to the file it is possible to set these values. When this is done and the device is moved into a run state, a fault is triggered. NOTE: This is not possible through RSLogix."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de control de acceso explotable en la funcionalidad de permisos de archivos de datos, programas y funciones de Allen Bradley Micrologix 1400 Serie B FRN 21.2 y anteriores. Un paquete especialmente dise\u00f1ado puede causar una operaci\u00f3n de lectura o escritura que resulte en la divulgaci\u00f3n de informaci\u00f3n sensible, la modificaci\u00f3n de la configuraci\u00f3n o la modificaci\u00f3n de la l\u00f3gica de escalera. Un atacante puede enviar paquetes no autentificados para activar esta vulnerabilidad. Estado del interruptor de llave requerido: REMOTO o PROG C\u00f3digo de fallo asociado: 0028 Tipo de fallo: No Usuario Descripci\u00f3n: Los valores 0x01 y 0x02 son valores no v\u00e1lidos para la rutina de fallos de usuario. Escribiendo directamente en el archivo es posible establecer estos valores. Cuando se hace esto y el dispositivo pasa a un estado de ejecuci\u00f3n, se dispara un fallo. NOTA: Esto no es posible a trav\u00e9s de RSLogix"
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      },
      {
        "source": "talos-cna@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "21.2",
              "matchCriteriaId": "E3CFD00A-A73C-46AA-B6BD-93C44FBCC98F"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "196EA0BE-FDF3-46BE-B3DA-5F49208C5D80"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443",
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}