PT-2018-5660 · Allen Bradley · Allen Bradley Micrologix 1400 Series B

Published: 2018-04-05 · Updated: 2022-12-14 · CVE-2017-14465

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Allen Bradley Micrologix 1400 Series B versions 21.2 and before
Description: An issue exists in the data, program, and function file permissions functionality, allowing for access control bypass. A specially crafted packet can cause unauthorized read or write operations, potentially leading to disclosure of sensitive information, modification of settings, or modification of ladder logic. This can be triggered by sending unauthenticated packets. The vulnerability can force any input or output, causing unpredictable activity from the PLC.
Recommendations: For Allen Bradley Micrologix 1400 Series B versions 21.2 and before, consider restricting access to the device and implementing additional security measures to prevent unauthorized packet sending until a fix is available. As a temporary workaround, limit the Keyswitch State to prevent remote exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2017-14465

Affected Products

Allen Bradley Micrologix 1400 Series B