CVE-2021-32926

7.5 HIGH

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that incl...

Published: 2021-06-03 · Last updated: 2026-06-04

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-300

Affected products

Vendor: rockwellautomation
Product: micro800_firmware, micrologix_1400_firmware

Description

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later), causing a denial-of-service condition.

Source: NVD

Related CVEs

Same vendor

  • CVE-2021-33012 Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause ... (8.6 HIGH)
  • CVE-2021-22659 Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus... (8.6 HIGH)
  • CVE-2020-6990 Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versi... (9.8 CRITICAL)
  • CVE-2020-6988 Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versi... (7.5 HIGH)
  • CVE-2020-6984 Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versi... (7.5 HIGH)

Same CWE

  • CVE-2009-3555 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in... (9.8 CRITICAL)