PT-2018-5661 · Allen Bradley · Allen Bradley Micrologix 1400 Series B

Published: 2018-04-05 · Updated: 2022-12-14 · CVE-2017-14466
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Allen Bradley Micrologix 1400 Series B FRN versions 21.2 and before
Description: An access control flaw exists in the data, program, and function file permissions functionality. It can be exploited by sending specially crafted packets, potentially leading to the disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can trigger the issue by sending unauthenticated packets when the Keyswitch State is set to REMOTE or PROG. Specifically, file type 0x03 grants write access, which allows the Master Password value stored in the file to be overwritten.
Recommendations: For Allen Bradley Micrologix 1400 Series B FRN versions 21.2 and before, consider restricting access to the filetype 0x03 to prevent unauthorized write operations until a fix is available. Additionally, limiting the Keyswitch State to prevent REMOTE or PROG access can help mitigate the risk of exploitation.

Related Identifiers

CVE-2017-14466

Affected Products

Allen Bradley Micrologix 1400 Series B