VYPR

Micrologix 1400 Firmware

by Rockwellautomation

CVEs (16)

  • CVE-2020-6990CriMar 16, 2020
    risk 0.64cvss 9.8epss 0.04

    Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the…

  • CVE-2015-6490CriOct 28, 2015
    risk 0.64cvss 9.8epss 0.07

    Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2021-33012HigJul 9, 2021
    risk 0.56cvss 8.6epss 0.02

    Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this…

  • CVE-2021-22659HigMar 25, 2021
    risk 0.56cvss 8.6epss 0.02

    Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer…

  • CVE-2018-17924HigDec 7, 2018
    risk 0.56cvss 8.6epss 0.04

    Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even…

  • CVE-2012-6442HigJan 24, 2013
    risk 0.51cvss 7.5epss 0.33

    When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. This situation could cause loss of availability and a…

  • CVE-2016-5645HigAug 24, 2016
    risk 0.50cvss 7.3epss 0.29

    Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this…

  • CVE-2020-6988HigMar 16, 2020
    risk 0.49cvss 7.5epss 0.04

    Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the…

  • CVE-2020-6984HigMar 16, 2020
    risk 0.49cvss 7.5epss 0.03

    Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable.

  • CVE-2015-6492HigOct 28, 2015
    risk 0.49cvss 7.5epss 0.04

    Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.

  • CVE-2019-10955MedApr 25, 2019
    risk 0.40cvss 6.1epss 0.03

    In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370…

  • CVE-2022-46670Dec 16, 2022
    risk 0.00cvss epss 0.01

    Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution.  The…

  • CVE-2022-3166Dec 16, 2022
    risk 0.00cvss epss 0.01

    Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by…

  • CVE-2015-6491Oct 28, 2015
    risk 0.00cvss epss 0.02

    Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors.

  • CVE-2015-6488Oct 28, 2015
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-6486Oct 28, 2015
    risk 0.00cvss epss 0.04

    SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.