Description
An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445
Scores
CVSS v3
5.3
EPSS
0.0236
EPSS Percentile
85.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-400
Status
published
Products (1)
rockwellautomation/micrologix_1400_b_firmware
< 21.2
Published
Apr 05, 2018
Tracked Since
Feb 18, 2026