PT-2021-15157 · Rockwell Automation · MicroLogix 1400

Published: 2021-03-25 · Updated: 2024-10-04 · CVE-2021-22659

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions

Rockwell Automation MicroLogix 1400 versions 21.6 and below

Description

The issue allows a remote unauthenticated attacker to send a specially crafted Modbus packet, enabling the retrieval or modification of random values in the register. Successful exploitation may lead to a buffer overflow, resulting in a denial-of-service condition. The FAULT LED will flash RED, and communications may be lost. Recovery from the denial-of-service condition requires the fault to be cleared by the user.

Recommendations

For Rockwell Automation MicroLogix 1400 versions 21.6 and below, update to a version above 21.6 to resolve the issue. As a temporary workaround, consider restricting access to the Modbus protocol to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2021-22659

Affected Products

MicroLogix 1400