Rockwell Automation/Allen-Bradley MicroLogix 1400 Series A <= 7 and Series B <= 15.000 DNP3 Remote DoS

high Nessus Network Monitor Plugin ID 64

Synopsis

A Rockwell Automation/Allen-Bradley MicroLogix 1400 Programmable Logic Controller (PLC) has been detected

Description

Rockwell Automation/Allen-Bradley MicroLogix 1400 programmable logic controllers (PLCs) contain a denial of service vulnerability related to the DNP3 protocol stack. Successful exploitation of this vulnerability results in the PLC becoming non-responsive, and recovery requires a power cycle. This vulnerability can be exploited by sending a series of malformed DNP3 packets to the MicroLogix 1400's DNP3 interface. The MicroLogix 1400's DNP3 interface can be either a serial or Ethernet port. Note that DNP3 is disabled by default in MicroLogix 1400 PLCs and that this vulnerability can be exploited only in devices that have DNP3 enabled.

Solution

Upgrade the firmware of MicroLogix 1400 Series B PLCs to 15.001.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-14-254-02

Plugin Details

Severity: High

ID: 64

Family: SCADA

Published: 5/21/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/h:rockwellautomation:ab_micrologix_controller:1400

Patch Publication Date: 9/30/2014

Vulnerability Publication Date: 9/30/2014

Reference Information

CVE: CVE-2014-5410

BID: 70194