CVEs-PoC/2017/CVE-2017-14464.md

### [CVE-2017-14464](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14464)
![](https://img.shields.io/static/v1?label=Product&message=Allen%20Bradley&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=denial%20of%20service&color=brighgreen)

### Description

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed.

### POC

#### Reference
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443

#### Github
No PoCs found on GitHub currently.