PT-2021-19975 · Rockwell Automation · Micro800 +1

Adeen Ayub +2 · Published 2021-06-03 · Updated 2022-10-25 · CVE-2021-32926

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Micro800: all versions
MicroLogix 1400: versions 21 and later

Description

This issue allows an attacker to intercept and replace a legitimate new password hash with an illegitimate one during an authenticated password change request. This results in a denial-of-service condition, where the user can no longer authenticate to the controller.

Recommendations

For Micro800, resolving the issue requires updating to a version that includes the fix for this problem. At the moment, however, there is no information about a newer version that contains a fix for this vulnerability.

For MicroLogix 1400 versions 21 and later, consider applying configuration changes or workarounds to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2021-32926

Affected Products

Micro800
MicroLogix 1400