CVE-2017-14465
Description
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output can be forced, causing unpredictable activity from the PLC.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated attackers can read/write PLC files via CIP PCCC commands, leading to information disclosure, configuration changes, or ladder logic modification.
Vulnerability
The vulnerability is an improper access control (CWE-284) in the file permissions of Allen Bradley Micrologix 1400 Series B firmware versions FRN 21.2 and earlier. Unauthenticated users can read or write data, program, and function files using CIP encapsulated PCCC commands with function codes 0xa1, 0xa2 (read) or 0xa7, 0xa9, 0xaa, 0xab (write). The keyswitch must be in the REMOTE position for the attack to succeed [1].
Exploitation
An attacker with network access to the PLC can send specially crafted unauthenticated CIP PCCC packets. No authentication is required. The keyswitch must be in the REMOTE state. By using the appropriate function codes, the attacker can read sensitive files (e.g., ladder logic, master password) or write malicious data to modify settings or ladder logic [1].
Impact
Successful exploitation allows an attacker to disclose sensitive information (e.g., ladder logic, master password), modify PLC settings (e.g., communication protocols, network configuration), or alter ladder logic, potentially causing unpredictable behavior or device faults. The impact is high across confidentiality, integrity, and availability [1].
Mitigation
As of the publication date (2018-04-05), no firmware update or workaround has been publicly disclosed in the available references [1]. Users should monitor vendor advisories for a patched version. If possible, restrict network access to the PLC and ensure the keyswitch is not left in REMOTE when not needed.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <= FRN 21.2
- Talos/Allen Bradleyv5Range: Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.