CVE-2021-32926
HIGH
Rockwell Automation Micro800/MicroLogix 1400 DoS via Password Change Interception
Title source: llm
Description
When an authenticated password change request takes place, this vulnerability could allow an attacker to intercept the message that includes the legitimate new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later), causing a denial-of-service condition.
References (1)
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02
Scores
CVSS v3
7.5
EPSS
0.0013
EPSS Percentile
31.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-300
Status
published
Products (2)
rockwellautomation/micro800_firmware
rockwellautomation/micrologix_1400_firmware
21.0
Published
Jun 03, 2021
Tracked Since
Feb 18, 2026