CVE-2017-14469
Description
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non-User Description: Values 0x01 and 0x02 are invalid values for the user fault routine. By writing directly to the file it is possible to set these values. When this is done and the device is moved into a run state, a fault is triggered. NOTE: This is not possible through RSLogix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated attacker can read or write arbitrary PLC files on Allen Bradley MicroLogix 1400 via CIP commands, leading to info disclosure, config changes, or ladder logic modification.
Vulnerability
The vulnerability exists in the data, program, and function file permissions of Allen Bradley MicroLogix 1400 Series B FRN 21.2 and earlier (including 21.0 and 15). The device does not enforce access control on file operations via CIP encapsulated PCCC commands, allowing any unauthenticated network user to read or write files. The required keyswitch state is REMOTE or PROG [1].
Exploitation
An attacker can send unauthenticated CIP encapsulated PCCC packets using function codes for reading (0xa1, 0xa2) or writing (0xa7, 0xa9, 0xaa, 0xab) to any file on the PLC. No authentication or prior knowledge is needed; the attacker only needs network access to the device. By writing invalid values 0x01 or 0x02 to the user fault routine file, a fault is triggered when the device moves to run state (fault code 0028). This is not possible through RSLogix [1].
Impact
A successful attack leads to disclosure of sensitive information (e.g., ladder logic, master password), modification of device settings (e.g., network configuration, enabling protocols), or modification of ladder logic programs. The attacker can cause device faults that halt operation, potentially disrupting industrial processes. The CVSSv3 score is 10.0 due to network exploitability, no privileges required, and high impact on confidentiality, integrity, and availability [1].
Mitigation
Rockwell Automation has not released a firmware update that addresses this vulnerability as of the publication date. Users should isolate affected devices (MicroLogix 1400 Series B FRN 21.2 and earlier) on a separate network segment, restrict network access using firewalls or VPNs, and monitor for unauthorized CIP traffic. The device is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of writing [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <= FRN 21.2
- Talos/Allen Bradleyv5Range: Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.