Detections
Analytics

Rockwell Automation MicroLogix 1100 PLC < Series B FRN 12.0 MitM Replay Authentication Bypass

high Nessus Plugin ID 84568

Language:

Synopsis

The remote web server running on the MicroLogix 1100 PLC is affected by an authentication bypass vulnerability.

Description

The Rockwell Automation MicroLogix 1100 PLC integrated web server has a firmware version that is prior to Series B FRN 12.0. It is, therefore, affected by an authentication bypass vulnerability due to a failure to properly restrict session replays. A man-in-the-middle attacker via HTTP traffic can use a session replay attack to bypass the web server's authentication mechanism.

Note that Nessus has not attempted to exploit this issue but has instead relied only on the self-reported version number.

Solution

Upgrade to MicroLogix 1100 PLC firmware release version Series B FRN 12.0 or later.

See Also

http://www.nessus.org/u?51abd53e

http://www.nessus.org/u?8764efc3

Plugin Details

Severity: High

ID: 84568

File Name: scada_rockwell_micrologix_1100_plc_mitm_470156.nbin

Version: 1.84

Type: remote

Family: SCADA

Published: 7/7/2015

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:rockwellautomation:micrologix:1100

Required KB Items: SCADA/Rockwell Automation MicroLogix 1100 PLC Web Server

Exploit Ease: No known exploits are available

Patch Publication Date: 7/18/2012

Vulnerability Publication Date: 1/19/2012

Reference Information

CVE: CVE-2012-6440

BID: 57315

ICSA: 13-011-03