CVE-2021-33012 — HIGH (8.6)

Vulnerability Description

Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will cause the controller to fault whenever the controller is switched to RUN mode.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rockwellautomation	Micrologix 1100 Firmware	All versions
Rockwellautomation	Micrologix 1100	-

Related Weaknesses (CWE)

CWE-20

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-189-01Third Party AdvisoryUS Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-189-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2021-33012?

CVE-2021-33012 is a vulnerability with a CVSS score of 8.6 (HIGH). Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, w...

How severe is CVE-2021-33012?

CVE-2021-33012 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-33012?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Micrologix 1100 Firmware, Rockwellautomation Micrologix 1100.