What is CVE-2021-32926?

CVE-2021-32926 is a high-severity vulnerability in Rockwellautomation Micro800, classified under Channel Accessible by Non-Endpoint. CVSS score: 7.5/10. Published 2021-06-03.

How severe is CVE-2021-32926?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2021-32926 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Rockwellautomation Micro800

CVE-2021-32926

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no lon…

EPSS: 0.001 (26.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Rockwellautomation Micro800
Rockwellautomation Micro800_firmware
Rockwellautomation Micrologix_1400
Rockwellautomation Micrologix_1400_firmware
N/a Micro800, Micrologix 1400 — versions Micro800: All versions, MicroLogix 1400: Version 21 and later when Enhanced Password Security enabled.

Weakness classification (CWE)

CWE-300 — Channel Accessible by Non-Endpoint

Public proof-of-concept exploits

References

ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2021-32926?: CVE-2021-32926 is a high-severity vulnerability in Rockwellautomation Micro800, classified under Channel Accessible by Non-Endpoint. CVSS score: 7.5/10. Published 2021-06-03.
How severe is CVE-2021-32926?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2021-32926 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.