CVE-2021-32926

EPSS 0.1%
Published 03.06.2021 13:15:07
Last modified 21.11.2024 06:07:56
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Rockwellautomation ≫ Micro800 Firmware

Rockwellautomation ≫ Micro800 Version-

Rockwellautomation ≫ Micrologix 1400 Firmware Version >= 21.0

Rockwellautomation ≫ Micrologix 1400 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.273

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-300 Channel Accessible by Non-Endpoint

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2021-32926

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-32926

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-32926

EUVD