30 March 2018

New vulnerabilities in Allen Bradley MicroLogix 1400 PLCs

Cisco Talos experts have published a report on new vulnerabilities in Allen Bradley MicroLogix 1400 series programmable logic controllers by Rockwell Automation. If exploited, the vulnerabilities could enable attackers to modify PLC configuration and ladder logic, overwrite or delete data in an affected device’s memory module or conduct DoS attacks.

The following devices are affected by the vulnerabilities:

  • Allen-Bradley Micrologix 1400 Series B FRN 21.003
  • Allen-Bradley Micrologix 1400 Series B FRN 21.002
  • Allen-Bradley Micrologix 1400 Series B FRN 21.0
  • Allen-Bradley Micrologix 1400 Series B FRN 15.

Since affected devices are widely used in industrial environments, exploitation of these vulnerabilities could have significant consequences.

Multiple improper access control vulnerabilities (CVE-2017-14462 – CVE-2017-14473) constitute the greatest threat. If exploited, they could enable an unauthorized remote attacker to gain access to important information and to modify the device’s settings or ladder logic by sending specially crafted packets. The CVSS v.3 base score calculated for these vulnerabilities is 10 – the highest score possible.

Critical issues (CVSS v.3 base score 8.6) also include DoS vulnerabilities – CVE-2017-12088, CVE-2017-12089, and CVE-2017-12090, which could lead to equipment failure and the deletion of ladder logic.

Additionally the vulnerabilities CVE-2017-12092 and CVE-2017-12093, which have low and medium severity ratings, respectively, enable an attacker to write new programs to the memory module, to break established connections and block new legitimate connections with the device.

To close these vulnerabilities, Cisco Talos experts recommend updating the firmware on each device to the latest version.

Source: Cisco Talos