PT-2018-5346 · Rockwell Automation · Allen Bradley Micrologix 1400 Series B

Published: 2018-04-05 · Updated: 2023-01-28 · CVE-2017-12093

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions

Allen Bradley Micrologix 1400 Series B Firmware versions 21.2 and before

Description

The issue is related to an insufficient resource pool in the session communication functionality. It can be triggered by a specially crafted stream of packets, causing a flood of the session resource pool. This results in legitimate connections to the PLC being disconnected. An attacker can exploit this by sending unauthenticated packets.

Recommendations

For Allen Bradley Micrologix 1400 Series B Firmware versions 21.2 and before, consider restricting access to the session communication functionality until a fix is available. As a temporary workaround, implement measures to limit the impact of unauthenticated packet floods on the session resource pool. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2017-12093

Affected Products

Allen Bradley Micrologix 1400 Series B