PT-2018-5341 · Allen Bradley · Micrologix 1400 Series B

Published: 2018-04-05 · Updated: 2022-04-19 · CVE-2017-12088

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Allen Bradley Micrologix 1400 Series B versions 21.2 and below

Description

A denial of service issue exists in the Ethernet functionality, allowing an attacker to send a specially crafted packet that can cause a device power cycle. This results in a fault state and deletion of ladder logic. The attack can be triggered by sending one unauthenticated packet.

Recommendations

For versions 21.2 and below, consider restricting access to the Ethernet functionality until a fix is available. As a temporary workaround, implement network segmentation to limit the exposure of affected devices to untrusted networks.


Weakness Enumeration

Related Identifiers

CVE-2017-12088

Affected Products

Micrologix 1400 Series B