CVE-2021-32926

Опубликовано: 03 июн. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02
Third Party Advisory
US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:rockwellautomation:micro800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:micro800:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:*:*:*:*:*:*:*:*

Версия от 21.0 (включая)

cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00129

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-300

NVD-CWE-Other

Связанные уязвимости

GHSA-h2f7-g9rh-rr7g