CVE-2018-17924 — HIGH (8.6)

Q: How severe is CVE-2018-17924?

CVE-2018-17924 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-17924?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Micrologix 1400 Firmware, Rockwellautomation Micrologix 1400, Rockwellautomation 1756-Enbt Firmware, Rockwellautomation 1756-Enbt, Rockwellautomation 1756-Eweb Series A Firmware.

Vulnerability Description

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rockwellautomation	Micrologix 1400 Firmware	-
Rockwellautomation	Micrologix 1400	-
Rockwellautomation	1756-Enbt Firmware	-
Rockwellautomation	1756-Enbt	-
Rockwellautomation	1756-Eweb Series A Firmware	-
Rockwellautomation	1756-Eweb Series A	-
Rockwellautomation	1756-Eweb Series B Firmware	-
Rockwellautomation	1756-Eweb Series B	-
Rockwellautomation	1756-En2F Series A Firmware	-
Rockwellautomation	1756-En2F Series A	-
Rockwellautomation	1756-En2F Series B Firmware	-
Rockwellautomation	1756-En2F Series B	-
Rockwellautomation	1756-En2F Series C Firmware	<= 10.10
Rockwellautomation	1756-En2F Series C	-
Rockwellautomation	1756-En2T Series A Firmware	-
Rockwellautomation	1756-En2T Series A	-
Rockwellautomation	1756-En2T Series B Firmware	-
Rockwellautomation	1756-En2T Series B	-
Rockwellautomation	1756-En2T Series C Firmware	-
Rockwellautomation	1756-En2T Series C	-

Related Weaknesses (CWE)

CWE-306

References

http://www.securityfocus.com/bid/106132Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02MitigationThird Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/106132Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02MitigationThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-17924?

CVE-2018-17924 is a vulnerability with a CVSS score of 8.6 (HIGH). Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon...

How severe is CVE-2018-17924?

CVE-2018-17924 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-17924?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Micrologix 1400 Firmware, Rockwellautomation Micrologix 1400, Rockwellautomation 1756-Enbt Firmware, Rockwellautomation 1756-Enbt, Rockwellautomation 1756-Eweb Series A Firmware.