CVE-2017-14463
Description
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated attacker can overwrite ladder logic on Allen Bradley MicroLogix 1400 via crafted CIP/PCCC packets, triggering a fault and enabling remote code execution.
Vulnerability
CVE-2017-14463 affects Allen Bradley MicroLogix 1400 Series B FRN 21.2 and prior versions. The vulnerability lies in the file permission handling for data, program, and function files. An attacker can send unauthenticated CIP encapsulated PCCC commands to write to file type 0x22 number 0x02, overwriting the ladder logic data file with null values. This triggers a Non-User fault (fault type 0012) when the keyswitch is in REMOTE or PROG state [1].
Exploitation
The attacker sends a specially crafted packet to the PLC using CIP PCCC write function codes (0xa7, 0xa9, 0xaa, 0xab) targeting the specific ladder logic data file. No authentication is required, and the attacker only needs network access to the device. The keyswitch must be in REMOTE or PROG position for the write to succeed [1].
Impact
Successful exploitation allows the attacker to overwrite the PLC's ladder logic, inserting arbitrary logic or null values that cause a fault state. This results in disruption of the PLC program execution and can lead to denial of service, unauthorized modification of control logic, and potentially enabling further attacks on the industrial process. The vulnerability is rated CVSS 10 (Critical) with network attack vector, no privileges required, and no user interaction [1].
Mitigation
Rockwell Automation has not released a public fix for this version (FRN 21.2 and before). Users should upgrade to a patched firmware revision if available. As a workaround, restrict network access to the PLC using firewalls or VLAN segmentation, and ensure keyswitch is in RUN position when normal operations are active (though this does not protect against all attack vectors). The device is not listed on CISA KEV as of the publication date [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <= FRN 21.2
- Talos/Allen Bradleyv5Range: Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.