Rockwell Automation ControlLogix PLC Improper Authentication

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

N/A

认证机制不恰当

Rockwell Automation ControlLogix 安全绕过漏洞

Rockwell Automation ControlLogix提供工业自动化控制和信息产品。 Rockwell Automation ControlLogix中存在安全绕过漏洞。攻击者利用该漏洞绕过身份验证进程，上传新的固件映像到以太网卡。

N/A

N/A