PT-2016-6612 · Rockwell Automation · Micrologix 1400 Plc

Published: 2016-08-24 · Updated: 2016-11-28 · CVE-2016-5645

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Rockwell Automation MicroLogix 1400 PLC versions 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, 1766-L32BXBA

Description

The issue concerns a hardcoded SNMP community in the affected devices, making it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community.

Recommendations

For versions 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, 1766-L32BXBA, consider changing the hardcoded SNMP community string to a unique and secure value to prevent unauthorized access. As a temporary workaround, restrict access to the SNMP service to minimize the risk of exploitation. Avoid using default or easily guessable community strings in the affected devices until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2016-5645

Affected Products

Micrologix 1400 Plc