What is CVE-2021-22659?

CVE-2021-22659 is a high-severity vulnerability in Rockwellautomation Micrologix_1400, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 8.6/10. Published 2021-03-25.

How severe is CVE-2021-22659?

High severity. CVSS v3 base score is 8.6 out of 10.

Buffer overflow in Rockwellautomation Micrologix_1400

CVE-2021-22659

Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exp…

Vulnerability class: Buffer Overflow

EPSS: 0.004 (59.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H.

Affected products

Rockwellautomation Micrologix_1400
Rockwellautomation Micrologix_1400_firmware
N/a Rockwell Automation Micrologix 1400 — versions MicroLogix 1400, All series Version 21.6 and below

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

References

ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)
ics-cert@hq.dhs.gov (Permissions Required, x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-22659?: CVE-2021-22659 is a high-severity vulnerability in Rockwellautomation Micrologix_1400, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 8.6/10. Published 2021-03-25.
How severe is CVE-2021-22659?: High severity. CVSS v3 base score is 8.6 out of 10.