CVE-2017-16740

moderate-risk

Published 2018-01-09

A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

Do I need to act?

0.17% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 10.0/10 Critical

NETWORK / LOW complexity

Affected Products (6)

1766-L32Bxba Firmware

1766-L32Awa Firmware

1766-L32Bxb Firmware

1766-L32Bwaa Firmware

1766-L32Awaa Firmware

1766-L32Bwa Firmware

Affected Vendors

Rockwellautomation

References (6)

Mitigation http://www.securityfocus.com/bid/102474

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-18-009-01

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1070883

Mitigation http://www.securityfocus.com/bid/102474

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-18-009-01

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1070883

/ 100

moderate-risk

Severity 33/34 · Critical

Exploitability 1/34 · Minimal

Exposure 13/34 · Low