CVE-2021-22659

Summary

Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a denial-of-service condition. The FAULT LED will flash RED and communications may be lost. Recovery from denial-of-service condition requires the fault to be cleared by the user.

Affected Software

VendorProductVersion RangeStatus
n/aRockwell Automation MicroLogix 1400MicroLogix 1400, All series Version 21.6 and belowaffected

Weaknesses

  • CWE-120: CLASSIC BUFFER OVERFLOW CWE-120

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References