Rockwell Automation MicroLogix 1100 PLC < Series B FRN 13.0 Multiple Vulnerabilities

critical Nessus Plugin ID 84567

Synopsis

The MicroLogix 1100 PLC is affected by multiple vulnerabilities.

Description

The Rockwell Automation MicroLogix 1100 PLC integrated web server has a firmware version that is prior to Series B FRN 13.0. It is, therefore, affected by multiple vulnerabilities :

- An improper access control vulnerability exists when sending a 'stop' command, which causes a denial of service condition leaving the device in an unresponsive state, resulting in a loss of availability for any device connected to the MicroLogix 1100 PLC.
(CVE-2012-6435)

- An improper validation vulnerability exists when the device attempts to parse a CIP packet sent to affected ports, which causes a buffer overflow that crashes the device's CPU, resulting in a loss of availability for any device connected to the MicroLogix 1100 PLC.
(CVE-2012-6436)

- An improper authentication vulnerability exists in the module providing source and data authentication, which can allow a remote attacker to upload an arbitrary firmware image to the ethernet card, resulting in the execution of code or causing a denial of service and a loss of availability for any device connected to the MicroLogix 1100 PLC. (CVE-2012-6437)

- An improper validation vulnerability exists when the device attempts to parse a malformed CIP packet, which causes an overflow condition in the network interface card (NIC), resulting in a denial of service condition and a loss of availability for any device connected to the MicroLogix 1100 PLC. (CVE-2012-6438)

- An improper access control vulnerability exists when parsing a CIP message that changes the device's network or configuration parameters, resulting in a denial of service condition and a loss of communication for any device connected to the MicroLogix 1100 PLC.
(CVE-2012-6439)

- An information exposure vulnerability exists when sending a 'dump' command, which results in the improper disclosure of boot code information from the MicroLogix 1100 PLC. (CVE-2012-6441)

- An improper access control vulnerability exists when sending a 'reset' command, which causes a denial of service condition leaving the device in an unresponsive state, resulting in a loss of availability for any device connected to the MicroLogix 1100 PLC.
(CVE-2012-6442)

Solution

Upgrade to MicroLogix 1100 PLC firmware release version Series B FRN 13.0 or later.

See Also

http://www.nessus.org/u?99ae98df

http://www.nessus.org/u?d41f0fc1

http://www.nessus.org/u?8764efc3

Plugin Details

Severity: Critical

ID: 84567

File Name: scada_rockwell_micrologix_1100_plc_dos_470154.nbin

Version: 1.86

Type: remote

Family: SCADA

Published: 7/7/2015

Updated: 7/17/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:rockwellautomation:micrologix:1100

Required KB Items: SCADA/Rockwell Automation MicroLogix 1100 PLC Web Server

Exploit Ease: No known exploits are available

Patch Publication Date: 7/18/2012

Vulnerability Publication Date: 1/19/2012

Reference Information

CVE: CVE-2012-6435, CVE-2012-6436, CVE-2012-6437, CVE-2012-6438, CVE-2012-6439, CVE-2012-6441, CVE-2012-6442

BID: 57306, 57307, 57308, 57309, 57310, 57311, 57317

ICSA: 13-011-03