Detections
Analytics
Rockwell Automation/Allen-Bradley CompactLogix and Compact GuardLogix <= 30.014 Improper Input Validation (ICSA-18-172-02)
high Nessus Network Monitor Plugin ID 720132
Synopsis
Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley CompactLogix and Compact GuardLogix devices causes a denial of service.Description
Successful exploitation of this vulnerability could result in a denial-of-service condition. As a result, the controller goes into a Major Non-Recoverable Fault (MNRF) state, which is considered safe. However, recovery requires the user to download the application program again.Solution
Perform vendor recommended mitigations and apply available vendor upgrades.See Also
http://www.securityfocus.com/bid/104528,https://ics-cert.us-cert.gov/advisories/ICSA-18-172-02
Plugin Details
Severity: High
ID: 720132
Family: SCADA
Published: 5/8/2019
Updated: 9/30/2019
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Patch Publication Date: 6/21/2018
Vulnerability Publication Date: 6/21/2018
Reference Information
CVE: CVE-2017-9312
BID: 104528