MicroLogix 1400 PLC Web Server Request Handling RCE
Critical Nessus Plugin ID 91385
Synopsis
The remote programmable logic controller (PLC) device is affected by a remote code execution vulnerability.
Description
The firmware installed on the remote Allen-Bradley MicroLogix 1400 PLC device is a version prior to 15.004. It is, therefore, affected by a stack-based buffer overflow condition due to improper validation of user-supplied input when handling web requests. An unauthenticated, remote attacker can exploit this to cause a denial of service or to execute arbitrary code.
Solution
Upgrade to the latest firmware version. Alternatively, block all ports from external networks. See the vendor for further details.