CVE-2017-12093

An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*

History

28 Jan 2023, 01:41

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : 7.5
v2 : 5.0
v3 : 5.3

Information

Published : 2018-04-05 21:29

Updated : 2023-12-10 12:30


NVD link : CVE-2017-12093

Mitre link : CVE-2017-12093

CVE.ORG link : CVE-2017-12093


JSON object : View

Products Affected

rockwellautomation

  • micrologix_1400
  • micrologix_1400_b_firmware
CWE
CWE-400

Uncontrolled Resource Consumption