This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote web server running on the MicroLogix 1100 PLC is affected
by an authentication bypass vulnerability.
The Rockwell Automation MicroLogix 1100 PLC integrated web server has
a firmware version that is prior to Series B FRN 12.0. It is,
therefore, affected by an authentication bypass vulnerability due to a
failure to properly restrict session replays. A man-in-the-middle
attacker via HTTP traffic can use a session replay attack to bypass
the web server's authentication mechanism.
Note that Nessus has not attempted to exploit this issue but has
instead relied only on the self-reported version number.
See also :
Upgrade to MicroLogix 1100 PLC firmware release version Series B FRN
12.0 or later.
Risk factor :
High / CVSS Base Score : 9.3