PT-2018-5662 · Rockwell Automation · Allen Bradley Micrologix 1400 Series B

Published: 2018-04-05 · Updated: 2022-12-14 · CVE-2017-14467

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Allen Bradley Micrologix 1400 Series B versions 21.2 and before
Description: The issue allows for unauthorized access and modification of sensitive information due to improper access control in the data, program, and function file permissions functionality. An attacker can send specially crafted, unauthenticated packets to trigger the issue, resulting in the disclosure of sensitive information, modification of settings, or modification of ladder logic. This can be achieved by making live rung edits, allowing for the addition, deletion, or modification of existing ladder logic. Additionally, faults and CPU state modification can be triggered if specific ladder logic is used.
Recommendations: For Allen Bradley Micrologix 1400 Series B versions 21.2 and before, consider restricting access to the device to prevent unauthenticated packets from being sent, and limit live rung edits to authenticated users only. As a temporary workaround, consider disabling remote access until a patch is available.

Exploit

Fix

Related Identifiers

CVE-2017-14467

Affected Products

Allen Bradley Micrologix 1400 Series B