CVE-2021-22659
Rockwell Automation · MicroLogix 1400
Rockwell Automation MicroLogix 1400 controllers are vulnerable to a buffer overflow via crafted Modbus packets, potentially causing a denial-of-service or unauthorized register manipulation.
Executive summary
A high-severity buffer overflow vulnerability in Rockwell Automation MicroLogix 1400 controllers allows remote, unauthenticated attackers to crash the system or modify sensitive register values.
Vulnerability
This is a classic buffer overflow (CWE-120: buffer copy without checking size of input) triggered when an unauthenticated attacker sends a specially crafted Modbus packet. The crafted packet allows the attacker to retrieve or modify register values, or to crash the controller, resulting in a denial-of-service condition.
Business impact
The CVSS score of 8.6 reflects the high risk of unauthorized control over industrial processes. Successful exploitation could compromise the integrity of the process control loop, causing physical system crashes or unauthorized changes to operational parameters, which could lead to significant safety risks and operational downtime.
Remediation
Immediate Action: Disable Modbus TCP support on the affected MicroLogix 1400 controllers if the protocol is not strictly required for operational functionality.
Proactive Monitoring: Implement network traffic analysis to detect anomalous Modbus packets or unauthorized attempts to access register data.
Compensating Controls: Use industrial firewalls or deep packet inspection (DPI) to filter and block malformed Modbus traffic before it reaches the controller.
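The monitoring and DPI controls above rely on being able to tell a well-formed Modbus/TCP request from a malformed one before it reaches the controller. The following is an added example, not part of this advisory and not Rockwell Automation code, of the structural checks a filter in front of a PLC can enforce: MBAP header consistency, the 260-byte ADU ceiling, and the per-function quantity and byte-count limits from the Modbus Application Protocol specification. The advisory does not publish the specific malformed frame, so the sample frames below are constructed to illustrate the checks and are labelled as such; the checks are generic and would apply to any Modbus/TCP slave, not just the MicroLogix 1400.

```python
import struct

MAX_ADU = 260   # Modbus/TCP: 7-byte MBAP header + 253-byte PDU
MBAP_LEN = 7    # transaction id (2), protocol id (2), length (2), unit id (1)

# Spec limits for the most common register functions (Modbus Application Protocol v1.1b).
READ_FUNCS = {0x03: 125, 0x04: 125}          # read holding / input registers: 1..125 registers
WRITE_MULTI = 0x10                           # write multiple registers: 1..123 registers
WRITE_MULTI_MAX = 123


def check_modbus_tcp(frame: bytes):
    """Return (ok, reason). ok is False when the frame breaks a structural rule
    that a DPI filter should enforce before forwarding the request to a PLC."""
    if len(frame) < MBAP_LEN + 1:
        return False, "truncated: shorter than MBAP header plus function code"
    if len(frame) > MAX_ADU:
        return False, f"oversized ADU: {len(frame)} bytes > {MAX_ADU}"

    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        return False, f"protocol id {proto} is not Modbus (0)"
    # The MBAP length field counts unit id + PDU; it must match the bytes actually present.
    if length != len(frame) - 6:
        return False, f"length field {length} disagrees with {len(frame) - 6} payload bytes"

    pdu = frame[MBAP_LEN:]
    fc = pdu[0]
    if fc & 0x80:
        return False, "exception bit set in a request function code"

    if fc in READ_FUNCS:
        if len(pdu) != 5:
            return False, "read request PDU must be exactly 5 bytes"
        addr, qty = struct.unpack(">HH", pdu[1:5])
        if not 1 <= qty <= READ_FUNCS[fc]:
            return False, f"read quantity {qty} outside 1..{READ_FUNCS[fc]}"
        if addr + qty > 0x10000:
            return False, "read range exceeds 16-bit register address space"
    elif fc == WRITE_MULTI:
        if len(pdu) < 6:
            return False, "write-multiple request PDU shorter than its fixed header"
        addr, qty, byte_count = struct.unpack(">HHB", pdu[1:6])
        if not 1 <= qty <= WRITE_MULTI_MAX:
            return False, f"write quantity {qty} outside 1..{WRITE_MULTI_MAX}"
        if byte_count != 2 * qty:
            return False, f"byte count {byte_count} != 2 * quantity {qty}"
        if len(pdu) != 6 + byte_count:
            return False, "write data length disagrees with byte count"
        if addr + qty > 0x10000:
            return False, "write range exceeds 16-bit register address space"
    # Other function codes pass the header checks only; extend per site policy.
    return True, "ok"


# Constructed sample frames (not captured traffic): one valid request and three malformed ones.
SAMPLE_FRAMES = {
    # tid=1, proto=0, len=6, unit=1 | FC 0x03, addr 0, qty 10
    "valid_read": bytes.fromhex("0001 0000 0006 01 03 0000 000a".replace(" ", "")),
    # MBAP length field claims 255 bytes but only 6 follow
    "length_mismatch": bytes.fromhex("0002 0000 00ff 01 03 0000 000a".replace(" ", "")),
    # FC 0x10 with qty=2 but byte count 9 instead of 4
    "bytecount_mismatch": bytes.fromhex("0003 0000 000b 01 10 0000 0002 09 00010002".replace(" ", "")),
    # FC 0x03 asking for 200 registers (spec maximum is 125)
    "oversized_read": bytes.fromhex("0004 0000 0006 01 03 0000 00c8".replace(" ", "")),
}


def triage(frames=SAMPLE_FRAMES):
    """Run the checker over a set of named frames and return {name: (ok, reason)}."""
    return {name: check_modbus_tcp(frame) for name, frame in frames.items()}


if __name__ == "__main__":
    for name, (ok, reason) in triage().items():
        print(f"{name:20s} {'ALLOW' if ok else 'DROP ':5s} {reason}")
```

The checker is deliberately stateless and only inspects one request at a time; in a real deployment it would sit alongside rate limiting and an allow-list of function codes and register ranges per source IP, which is what turns "detect anomalous packets" into an enforceable policy.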
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the risk of remote, unauthenticated access and potential denial-of-service, organizations should immediately assess their reliance on Modbus TCP and disable the service where unnecessary. Apply vendor-recommended mitigations to protect the controller from crafted packet attacks and maintain strict network isolation.