Rockwell Automation MicroLogix 1100 PLC < Series B FRN 12.0 MitM Replay Authentication Bypass

high Nessus Plugin ID 84568

Synopsis

The remote web server running on the MicroLogix 1100 PLC is affected by an authentication bypass vulnerability.

Description

The Rockwell Automation MicroLogix 1100 PLC integrated web server has a firmware version that is prior to Series B FRN 12.0. It is, therefore, affected by an authentication bypass vulnerability due to a failure to properly restrict session replays. A man-in-the-middle attacker via HTTP traffic can use a session replay attack to bypass the web server's authentication mechanism.

Note that Nessus has not attempted to exploit this issue but has instead relied only on the self-reported version number.

Solution

Upgrade to MicroLogix 1100 PLC firmware release version Series B FRN 12.0 or later.

See Also

http://www.nessus.org/u?51abd53e

http://www.nessus.org/u?8764efc3

Plugin Details

Severity: High

ID: 84568

File Name: scada_rockwell_micrologix_1100_plc_mitm_470156.nbin

Version: 1.86

Type: remote

Family: SCADA

Published: 7/7/2015

Updated: 7/17/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:rockwellautomation:micrologix:1100

Required KB Items: SCADA/Rockwell Automation MicroLogix 1100 PLC Web Server

Exploit Ease: No known exploits are available

Patch Publication Date: 7/18/2012

Vulnerability Publication Date: 1/19/2012

Reference Information

CVE: CVE-2012-6440

BID: 57315

ICSA: 13-011-03