PT-2021-20019 · Rockwell Automation · Micrologix 1100
Beau Taub
·
Published
2021-07-09
·
Updated
2021-07-12
·
CVE-2021-33012
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Rockwell Automation MicroLogix 1100, all versions
Description
The issue allows a remote, unauthenticated attacker to send specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, resulting in a denial-of-service condition. If successfully exploited, this will cause the controller to fault whenever the controller is switched to RUN mode.
Recommendations
For Rockwell Automation MicroLogix 1100, all versions, consider temporarily restricting access to the controller when switching to RUN mode until a patch is available. As a mitigation measure, restrict the ability to send specially crafted commands to the PLC to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Micrologix 1100