CVE-2021-32926
Summary
| CVE | CVE-2021-32926 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-03 13:15:00 UTC |
| Updated | 2022-10-25 19:34:00 UTC |
| Description | When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Rockwellautomation | Micro800 | - | All | All | All |
| Operating System | Rockwellautomation | Micro800 Firmware | All | All | All | All |
| Hardware | Rockwellautomation | Micrologix 1400 | - | All | All | All |
| Operating System | Rockwellautomation | Micrologix 1400 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Rockwell Automation Micro800 and MicroLogix 1400 | CISA | MISC | us-cert.cisa.gov | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590757 Rockwell Automation Micro800 and MicroLogix 1400 Vulnerability (ICSA-21-145-02)