MicroLogix 1400 PLC Web Server Request Handling RCE

Critical | Nessus Plugin ID 91385

Synopsis

The remote programmable logic controller (PLC) device is affected by a remote code execution vulnerability.

Description

The firmware installed on the remote Allen-Bradley MicroLogix 1400 PLC device is a version prior to 15.004. It is, therefore, affected by a stack-based buffer overflow condition due to improper validation of user-supplied input when handling web requests. An unauthenticated, remote attacker can exploit this to cause a denial of service or to execute arbitrary code.

Solution

Upgrade to the latest firmware version. Alternatively, block all ports from external networks. See the vendor for further details.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03A

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-225-02A

http://www.nessus.org/u?e8ec3436

Plugin Details

Severity: Critical

ID: 91385

File Name: scada_RA_76326_1400.nbin

Version: 1.80

Type: remote

Family: SCADA

Published: 5/31/2016

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-6490

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:rockwellautomation:ab_micrologix_controller:1400

Required KB Items: www/80/Rockwell Automation MicroLogix 1400 PLC Web Server/version, www/80/Rockwell Automation MicroLogix 1400 PLC Web Server/name, www/80/Rockwell Automation MicroLogix 1400 PLC Web Server/os

Exploit Ease: No known exploits are available

Patch Publication Date: 11/2/2015

Vulnerability Publication Date: 10/26/2015

Reference Information

CVE: CVE-2015-6490

BID: 77333