CVE-2021-22659

HIGH

Rockwell Automation MicroLogix 1400 <21.6 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a denial-of-service condition. The FAULT LED will flash RED and communications may be lost. Recovery from denial-of-service condition requires the fault to be cleared by the user.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-033-01

Scores

CVSS v3 8.6
EPSS 0.0172
EPSS Percentile 74.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-120
Status published
Products (2)
None/Rockwell Automation MicroLogix 1400 MicroLogix 1400, All series Version 21.6 and below
rockwellautomation/micrologix_1400_firmware < 21.6
Published Mar 25, 2021
Tracked Since Feb 18, 2026