Vulnerability Details CVE-2021-22659
Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a denial-of-service condition. The FAULT LED will flash RED and communications may be lost. Recovery from denial-of-service condition requires the fault to be cleared by the user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.5%
CVSS Severity
CVSS v3 Score 8.6
CVSS v2 Score 7.5
References
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129877/loc/en_US#__highlight
- https://us-cert.cisa.gov/ics/advisories/icsa-21-033-01
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129877/loc/en_US#__highlight
- https://us-cert.cisa.gov/ics/advisories/icsa-21-033-01
Products affected by CVE-2021-22659
-
cpe:2.3:h:rockwellautomation:micrologix_1400:-
-
cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:-
-
cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:21.0
-
cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:21.6