CVE-2017-14470
Description
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG or RUN. Description: The value 0xffffffff is considered NaN for the Float data type. When a float is set to this value and used in the PLC, a fault is triggered. NOTE: This is not possible through RSLogix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated attacker can trigger a fault in Allen Bradley Micrologix 1400 PLCs by writing the NaN float value 0xffffffff, causing denial of service.
Vulnerability
The vulnerability exists in the float data type handling of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. The value 0xffffffff is interpreted as NaN (Not a Number) for the Float data type. When a float is set to this value and used in the PLC, a fault is triggered. This can be achieved by sending unauthenticated CIP encapsulated PCCC commands with write function codes (0xa7, 0xa9, 0xaa, 0xab) to write the NaN value to a float tag. The keyswitch must be in REMOTE, PROG, or RUN state. Note that this is not possible through RSLogix [1].
Exploitation
An attacker with network access to the PLC can send a specially crafted packet containing the NaN float value to a writable float data file. No authentication is required. The attacker uses any of the write function codes to set a float tag to 0xffffffff. The keyswitch must be in REMOTE, PROG, or RUN state. No user interaction is needed [1].
Impact
Successful exploitation triggers a fault in the PLC, causing a denial of service condition. The fault may disrupt normal operation, potentially halting the control logic. The attacker does not gain code execution or data disclosure directly from this specific vulnerability, but the fault can be used to disrupt industrial processes [1].
Mitigation
As of the advisory publication date (2017), no patch has been released for this specific vulnerability. Users should upgrade to a newer firmware version if available. Workarounds include restricting network access to the PLC using firewalls and VLANs, ensuring the keyswitch is in a secure position when not in use, and monitoring for unauthorized CIP commands. The advisory notes that this attack is not possible through RSLogix, so only direct network access is a vector [1].
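The monitoring workaround above can be made concrete with a small classifier for captured PCCC requests; this is an added example, not code from the advisory or from this page. It assumes the CIP/EtherNet/IP encapsulation has already been stripped, that a function 0xAA request is laid out as CMD, STS, TNS, FNC, byte size, file number, file type, element, sub-element, data, that file type 0x8A denotes a Float file and that data is little-endian; it goes beyond the single value 0xffffffff and flags every IEEE 754 NaN bit pattern. The names `inspect_pccc`, `is_nan32` and the sample frames are constructed for illustration.

```python
import struct

WRITE_FNCS = {0xA7, 0xA9, 0xAA, 0xAB}  # write function codes named on this page
FLOAT_FILE = 0x8A                      # assumption: PCCC file-type code for Float files

def is_nan32(word):
    """IEEE 754 single precision: exponent all ones, mantissa non-zero."""
    return (word & 0x7F800000) == 0x7F800000 and (word & 0x007FFFFF) != 0

def _field(buf, pos):
    """Address field: one byte, or 0xFF then a 16-bit LE value (assumed encoding)."""
    if buf[pos] == 0xFF:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    return buf[pos], pos + 1

def inspect_pccc(frame):
    """Classify one PCCC request as 'ok', 'review' or 'nan-float-write'."""
    if len(frame) < 5 or frame[0] != 0x0F or frame[4] not in WRITE_FNCS:
        return "ok"        # not one of the write commands of interest
    if frame[4] != 0xAA:
        return "review"    # listed write code whose layout is not parsed here
    try:
        size = frame[5]
        _file_no, pos = _field(frame, 6)
        file_type = frame[pos]
        _elem, pos = _field(frame, pos + 1)
        _sub, pos = _field(frame, pos)
    except (IndexError, struct.error):
        return "review"    # truncated or malformed write: surface it
    if file_type != FLOAT_FILE:
        return "ok"
    data = frame[pos:pos + size]
    words = [struct.unpack_from("<I", data, i)[0] for i in range(0, len(data) - 3, 4)]
    return "nan-float-write" if any(is_nan32(w) for w in words) else "ok"

# Constructed sample requests (not captured traffic): CMD, STS, TNS, FNC, size,
# file 8, type, element 0, sub-element 0, data.
HDR_F8 = bytes([0x0F, 0x00, 0x01, 0x00, 0xAA, 0x04, 0x08, 0x8A, 0x00, 0x00])
SAMPLES = {
    "float 1.5": HDR_F8 + struct.pack("<f", 1.5),
    "float NaN": HDR_F8 + b"\xff\xff\xff\xff",
    "other write code": bytes([0x0F, 0x00, 0x02, 0x00, 0xA9, 0x04]),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, "->", inspect_pccc(frame))
```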
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <= FRN 21.2
- Talos/Allen Bradley (v5) Range: Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- [1] www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443 (mitre, x_refsource_MISC)