Rockwell Automation MicroLogix 1100 PLC < FRN 10.0 Authentication Mechanism DoS
Severity: Critical
Nessus Plugin ID: 84570
Synopsis
The remote web server running on the MicroLogix 1100 PLC is affected by a denial of service vulnerability in the web server's password mechanism.
Description
The firmware of the remote Rockwell Automation MicroLogix 1100 PLC, which includes an integrated web server, is a version prior to FRN 10.0. It is, therefore, affected by a denial of service vulnerability due to a failure of the authentication mechanism to properly handle remote connections or commands. A remote attacker can exploit this, using a crafted request, to cause the product to enter a predefined fault mode, resulting in the device being reset to a factory-default state.
Note that Nessus has not attempted to exploit this issue but has instead relied only on the self-reported version number.
Solution
Upgrade to MicroLogix 1100 PLC firmware release version FRN 10.0 or later.