CVE-2021-33012

Summary

Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will cause the controller to fault whenever the controller is switched to RUN mode.

Affected Software

VendorProductVersion RangeStatus
n/aRockwell Automation MicroLogix 1100All Versionsaffected

Weaknesses

  • CWE-20: IMPROPER INPUT VALIDATION CWE-20

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References