CVE-2017-12092

{"id": "CVE-2017-12092", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-06-04T20:29:00.467", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0444", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0444", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an unauthenticated packet to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad explotable de escritura de archivos en la funcionalidad del m\u00f3dulo de memoria de Allen Bradley Micrologix 1400 Series B FRN, en versiones 21.2 y anteriores. Un paquete especialmente manipulado puede provocar una escritura de archivos, lo que resulta en que se escribe un nuevo programa en el m\u00f3dulo de memoria. Un atacante puede enviar un paquete sin autenticaci\u00f3n para provocar esta vulnerabilidad."}], "lastModified": "2024-11-21T03:08:48.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3CFD00A-A73C-46AA-B6BD-93C44FBCC98F", "versionEndIncluding": "21.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "196EA0BE-FDF3-46BE-B3DA-5F49208C5D80"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}