Allen-Bradley (AB) MicroLogix 1400 PLC Series Vulnerabilities
The Cisco Talos team issued a notice that Allen-Bradley (AB) MicroLogix 1400 PLC series had multiple vulnerabilities, including high-risk access control vulnerabilities, and the attackers could use these vulnerabilities to perform denial of service attacks on the affected devices.
Vulnerabilities are summarized in the following table:
| CVE number | Vulnerability name | Affected equipment | CVSS 3.0 |
| CVE-2017-12088 | Ethernet Card Packet Denial of Service Vulnerabilities | Allen Bradley Micrologix 1400 Series B FRN 21.2 and below | 8.6 |
| CVE-2017-12089 | Ladder logic program download device failure denial of service vulnerability | 8.6 | |
| CVE-2017-12090 | SNMP Set Handling Abnormal Behavior Sequence Denial of Service Vulnerabilities | 7.7 | |
| CVE-2017-12092 | Memory Module Stored Program File Write Vulnerability | 3.7 | |
| CVE-2017-12093 | Resource Pool Denial of Service Vulnerabilities | 5.3 | |
| CVE-2017-14462~
CVE-2017-14473 |
Access control vulnerability | 10.0 |
It is recommended to monitor traffic through the Micrologix 1400 and other sensitive hosts. In addition, reasonable network isolation is required to ensure that unauthorized users cannot access the PLC.
