### [CVE-2017-14464](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14464)
![](https://img.shields.io/static/v1?label=Product&message=Allen%20Bradley&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Allen%20Bradley%20Micrologix%201400%20Series%20B%20FRN%2021.2%2C%20Allen%20Bradley%20Micrologix%201400%20Series%20B%20FRN%2021.0%2C%20Allen%20Bradley%20Micrologix%201400%20Series%20B%20FRN%2015%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=denial%20of%20service&color=brightgreen)

### Description

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed.

### POC

#### Reference
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443

#### Github
- https://github.com/ARPSyndicate/cve-scores