Rockwell Automation MicroLogix 1100 PLC < Series B FRN 13.0 Multiple Vulnerabilities

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The MicroLogix 1100 PLC is affected by multiple vulnerabilities.

Description :

The Rockwell Automation MicroLogix 1100 PLC integrated web server has
a firmware version that is prior to Series B FRN 13.0. It is,
therefore, affected by multiple vulnerabilities :

- An improper access control vulnerability exists when
sending a 'stop' command, which causes a denial of
service condition leaving the device in an unresponsive
state, resulting in a loss of availability for any
device connected to the MicroLogix 1100 PLC.
(CVE-2012-6435)

- An improper validation vulnerability exists when the
device attempts to parse a CIP packet sent to affected
ports, which causes a buffer overflow that crashes the
device's CPU, resulting in a loss of availability for
any device connected to the MicroLogix 1100 PLC.
(CVE-2012-6436)

- An improper authentication vulnerability exists in the
module providing source and data authentication, which
can allow a remote attacker to upload an arbitrary
firmware image to the Ethernet card, resulting in the
execution of code or causing a denial of service and a
loss of availability for any device connected to the
MicroLogix 1100 PLC. (CVE-2012-6437)

- An improper validation vulnerability exists when the
device attempts to parse a malformed CIP packet, which
causes an overflow condition in the network interface
card (NIC), resulting in a denial of service condition
and a loss of availability for any device connected to
the MicroLogix 1100 PLC. (CVE-2012-6438)

- An improper access control vulnerability exists when
parsing a CIP message that changes the device's network
or configuration parameters, resulting in a denial of
service condition and a loss of communication for any
device connected to the MicroLogix 1100 PLC.
(CVE-2012-6439)

- An information exposure vulnerability exists when
sending a 'dump' command, which results in the improper
disclosure of boot code information from the MicroLogix
1100 PLC. (CVE-2012-6441)

- An improper access control vulnerability exists when
sending a 'reset' command, which causes a denial of
service condition leaving the device in an unresponsive
state, resulting in a loss of availability for any
device connected to the MicroLogix 1100 PLC.
(CVE-2012-6442)

See also :

http://www.nessus.org/u?7437094d
http://www.nessus.org/u?411feaaa
http://www.nessus.org/u?8764efc3

Solution :

Upgrade to MicroLogix 1100 PLC firmware release version Series B FRN
13.0 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
