Rockwell Automation MicroLogix 1100 PLC < Series B FRN 12.0 MitM Replay Authentication Bypass

High Nessus Plugin ID 84568


The remote web server running on the MicroLogix 1100 PLC is affected by an authentication bypass vulnerability.


The Rockwell Automation MicroLogix 1100 PLC integrated web server has a firmware version that is prior to Series B FRN 12.0. It is, therefore, affected by an authentication bypass vulnerability due to a failure to properly restrict session replays. A man-in-the-middle attacker via HTTP traffic can use a session replay attack to bypass the web server's authentication mechanism.

Note that Nessus has not attempted to exploit this issue but has instead relied only on the self-reported version number.


Upgrade to MicroLogix 1100 PLC firmware release version Series B FRN 12.0 or later.

See Also

Plugin Details

Severity: High

ID: 84568

File Name: scada_rockwell_micrologix_1100_plc_mitm_470156.nbin

Version: $Revision: 1.23 $

Type: remote

Family: SCADA

Published: 2015/07/07

Modified: 2018/01/29

Dependencies: 84569

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:rockwellautomation:micrologix:1100

Required KB Items: SCADA/Rockwell Automation MicroLogix 1100 PLC Web Server

Patch Publication Date: 2012/07/18

Vulnerability Publication Date: 2012/01/19

Reference Information

CVE: CVE-2012-6440

BID: 57315

OSVDB: 89127

ICSA: 13-011-03