{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Allen-Bradley MicroLogix 1400", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "1766-Lxxxxx Series A FRN 7", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "1766-Lxxxxx Series B FRN 15.000", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "unaffected", "version": "Series B FRN 15.001 or higher" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Matthew Luallen of CYBATI" } ], "datePublic": "2014-09-30T06:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "

The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line.

" } ], "value": "The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line." } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-11-04T22:30:19.113Z" }, "references": [ { "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/620295" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-254-02" }, { "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-254-02.json" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "

Rockwell Automation has released a new version of MicroLogix 1400 \nSeries B firmware to address the vulnerability and reduce associated \nrisk to successful exploitation. Subsequent versions of MicroLogix 1400 \nSeries B firmware and newer will incorporate these same enhancements.

\n

Rockwell Automation recommends the following immediate mitigation \nstrategies (when possible, multiple strategies should be employed \nsimultaneously):

\n\n

http://www.rockwellautomation.com/rockwellautomation/support/pcdc.page

\n\n\n

Please refer to Rockwell Automation’s product disclosure (AID 620295) for more information on this topic available at:

\n

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/620295

\n\n
" } ], "value": "Rockwell Automation has released a new version of MicroLogix 1400 \nSeries B firmware to address the vulnerability and reduce associated \nrisk to successful exploitation. Subsequent versions of MicroLogix 1400 \nSeries B firmware and newer will incorporate these same enhancements.\n\n\nRockwell Automation recommends the following immediate mitigation \nstrategies (when possible, multiple strategies should be employed \nsimultaneously):\n\n\n\n * Upgrade all MicroLogix 1400 Series B controllers to Series B FRN \n15.001 or higher. Current firmware for the MicroLogix 1400 Series B \nplatform can be obtained at the following web address:\n\n\n\n\n http://www.rockwellautomation.com/rockwellautomation/support/pcdc.page \n\n\n\n\nPlease refer to Rockwell Automation’s product disclosure (AID 620295) for more information on this topic available at:\n\n\n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/620295" } ], "source": { "advisory": "ICSA-14-254-02", "discovery": "EXTERNAL" }, "title": "Rockwell Automation Micrologix 1400 Improper Input Validation", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "

Users with Series A and Series B controllers are also recommended to apply the following risk mitigations:

\n\n

          *Note: Ports 20000/TCP and 20000/UDP are factory defaults \nas per the DNP3 specification but can be reconfigured by the product \nowner.

\n\n

Please refer to Rockwell Automation’s product disclosure (AID 620295) for more information on this topic available at:

\n

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/620295

\n\n
" } ], "value": "Users with Series A and Series B controllers are also recommended to apply the following risk mitigations:\n\n\n\n * Do not enable DNP3 communication in the product unless required.\n\n * Where appropriate, prohibit DNP3 communication that originates \noutside the perimeter of the manufacturing zone from entry into the zone\n by blocking communication directed at Ethernet communication Port \n20000/TCP* and 20000/UDP* using appropriate security technology (e.g., a\n firewall, UTM devices, or other security appliance)\n\n\n\n\n          *Note: Ports 20000/TCP and 20000/UDP are factory defaults \nas per the DNP3 specification but can be reconfigured by the product \nowner.\n\n\n\n * Employ firewalls with ingress/egress filtering, intrusion \ndetection/prevention systems, and validate all configurations. Evaluate \nfirewall configurations to ensure other appropriate inbound and outbound\n traffic is blocked.\n\n * Restrict physical and electronic access to automation products, \nnetworks, and systems to only those individuals authorized to be in \ncontact with control system equipment.\n * Employ layered security, defense-in-depth methods and network \nsegregation and segmentation practices in system design to restrict and \ncontrol access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html http://www.ab.com/networks/architectures.html%20  for comprehensive information about implementing validated architectures designed to deliver these measures.\n\n\n\n\nPlease refer to Rockwell Automation’s product disclosure (AID 620295) for more information on this topic available at:\n\n\n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/620295" } ], "x_generator": { "engine": "Vulnogram 0.5.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-5410", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-254-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-254-02" } ] } } }, "adp": [ { "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:41:49.068Z" }, "title": "CVE Program Container", "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-254-02" } ] } ] }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-5410", "datePublished": "2014-10-03T18:00:00.000Z", "dateReserved": "2014-08-22T00:00:00.000Z", "dateUpdated": "2025-11-04T22:30:19.113Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.2" }