Summary
Detail | |||
---|---|---|---|
Vendor | Rockwellautomation | First view | 2018-12-07 |
Product | 1756-Eweb Series A Firmware | Last view | 2018-12-07 |
Version | - | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:rockwellautomation:1756-eweb_series_a_firmware |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
8.6 | 2018-12-07 | CVE-2018-17924 | Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-306 | Missing Authentication for Critical Function |