Rockwell.Automation.MicroLogix.1400.Privilege.Escalation

Description

This indicates detection of a Security Bypass vulnerability in Allen-Bradley Rockwell Automation MicroLogix 1400 Programmable Logic Controller (PLC) Systems.
The vulnerability is due to a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community. Remote attackers can obtain access to the device with this SNMP community by sending a special request to a specified UDP port.

Affected Products

Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA devices
Rockwell Automation MicroLogix 1400 PLC 1766-L32AWA devices
Rockwell Automation MicroLogix 1400 PLC 1766-L32BXB devices
Rockwell Automation MicroLogix 1400 PLC 1766-L32BWAA devices
Rockwell Automation MicroLogix 1400 PLC 1766-L32AWAA devices
Rockwell Automation MicroLogix 1400 PLC 1766-L32BXBA devices

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Due to the nature of this product's firmware update process, this capability cannot be removed from the product.
Monitor the traffic from that network for any suspicious activity.
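
One way to carry out that monitoring, as an added example (not Fortinet's signature or Rockwell's code): it decodes SNMPv1/v2c UDP payloads addressed to the PLCs and flags SetRequest PDUs, or any use of a watched community string, coming from hosts outside an approved manager list. It assumes the payloads were already extracted from a capture; `WATCHED_COMMUNITY` is a placeholder because this page does not give the string, and the addresses used with it are constructed.

```python
SET_REQUEST = 0xA3                 # SNMPv1/v2c SetRequest PDU tag
WATCHED_COMMUNITY = b"EXAMPLE"     # placeholder; the page does not give the string

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:              # long-form length: low bits give byte count
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_snmp(payload):
    """Return (community, pdu_tag) from an SNMPv1/v2c message."""
    seq, msg, _ = read_tlv(payload, 0)
    vtag, _, pos = read_tlv(msg, 0)
    ctag, community, pos = read_tlv(msg, pos)
    if (seq, vtag, ctag) != (0x30, 0x02, 0x04):
        raise ValueError("not an SNMPv1/v2c message")
    pdu_tag, _, _ = read_tlv(msg, pos)
    return community, pdu_tag

def review(packets, plc_ips, managers):
    """Flag SNMP sent to PLCs by hosts outside the approved manager list."""
    alerts = []
    for src, dst, payload in packets:
        if dst not in plc_ips or src in managers:
            continue
        try:
            community, pdu = parse_snmp(payload)
        except ValueError:
            alerts.append((src, "not parseable as SNMPv1/v2c"))
            continue
        if pdu == SET_REQUEST:
            alerts.append((src, "SetRequest from unapproved host"))
        elif community == WATCHED_COMMUNITY:
            alerts.append((src, "watched community from unapproved host"))
    return alerts

def sample(pdu_tag, community=WATCHED_COMMUNITY):  # constructed SNMPv1 message
    pdu = bytes([pdu_tag, 11]) + bytes.fromhex("0201010201000201003000")
    body = b"\x02\x01\x00" + bytes([4, len(community)]) + community + pdu
    return bytes([0x30, len(body)]) + body
```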

Coverage

IPS (Regular DB)
IPS (Extended DB)