CVE-2021-32926
Last modified
CVE-2021-32926 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition. EPSS estimates a 2.19% chance of exploitation in the next 30 days.
Description
When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | Micro800 Firmware | All versions |
| Rockwellautomation | Micrologix 1400 Firmware | >= 21.0 |
References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02Third Party Advisory, US Government Resource
- https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-32926?
How severe is CVE-2021-32926?
How do I fix CVE-2021-32926?
Are you affected by CVE-2021-32926?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST