CVE-2016-9338 (GCVE-0-2016-9338)

Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:50
VLAI?
Summary
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller.
Severity ?
No CVSS data available.
CWE
  • Rockwell Automation MicroLogix 1100 and 1400 Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
Vendor Product Version
n/a Rockwell Automation MicroLogix 1100 and 1400 Affected: Rockwell Automation MicroLogix 1100 and 1400
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:36.961Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06"
          },
          {
            "name": "95302",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95302"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rockwell Automation MicroLogix 1100 and 1400",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Rockwell Automation MicroLogix 1100 and 1400"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Rockwell Automation MicroLogix 1100 and 1400 Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-14T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06"
        },
        {
          "name": "95302",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95302"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2016-9338",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rockwell Automation MicroLogix 1100 and 1400",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Rockwell Automation MicroLogix 1100 and 1400"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Rockwell Automation MicroLogix 1100 and 1400 Incorrect Permission Assignment for Critical Resource"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06"
            },
            {
              "name": "95302",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95302"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2016-9338",
    "datePublished": "2017-02-13T21:00:00",
    "dateReserved": "2016-11-16T00:00:00",
    "dateUpdated": "2024-08-06T02:50:36.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16awa_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"14.000\", \"matchCriteriaId\": \"F7434A56-A11C-4362-A806-ECC05EF81EDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16awa_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"14.000\", \"matchCriteriaId\": \"E55698D3-601A-48E4-AD5A-C42AA32A02DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"14.000\", \"matchCriteriaId\": \"8FBC09CC-AD8C-4412-90B0-1E798B56C4F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"14.000\", \"matchCriteriaId\": \"58265FCD-55B4-4E9C-8A02-9702B8ED5E4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"14.000\", \"matchCriteriaId\": \"A719DAFD-8BA2-4E56-AC78-60C2D9FCBAA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"14.000\", \"matchCriteriaId\": \"530BB796-C178-49C1-ADF7-7B34E9FD6ED8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"14.000\", \"matchCriteriaId\": \"C6D6A13D-69AC-431B-9E12-BDB6523BB49D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"14.000\", \"matchCriteriaId\": \"D38291EC-779A-461C-971B-09A52C2FB668\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32awa_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"15.004\", \"matchCriteriaId\": \"44A021E4-B93B-4AA0-B7E7-A69F86666D24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32awa_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"15.004\", \"matchCriteriaId\": \"FCE93E4A-C845-4B29-B09E-DA5EC4F22EC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32awaa_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"15.004\", \"matchCriteriaId\": \"CE5F717B-487B-473F-BD50-0DE76CAFD6B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"15.004\", \"matchCriteriaId\": \"AEB0FCA4-C3D7-46CC-9D4A-C7FE8B7D25C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"15.004\", \"matchCriteriaId\": \"55708721-9FAF-4778-95AE-C51FAF42E234\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"15.004\", \"matchCriteriaId\": \"7E6A9C27-E079-43CD-A348-C257AD1B2C9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"15.004\", \"matchCriteriaId\": \"A2830F25-7489-4B96-8750-8E187BA155A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"15.004\", \"matchCriteriaId\": \"391B81A5-A3BB-44FD-9849-2D9FC0A004EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"15.004\", \"matchCriteriaId\": \"AACFCF1B-5FD4-451E-94F9-FFE6CA3427DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"15.004\", \"matchCriteriaId\": \"31BCB97C-9F7C-47C7-832E-2EAA7B841CA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"15.004\", \"matchCriteriaId\": \"93282079-80A2-4CDF-9EF8-D9EEBAC1D238\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"15.004\", \"matchCriteriaId\": \"D4F5D81D-62BA-4655-8FB1-43BC0FF3288B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller.\"}, {\"lang\": \"es\", \"value\": \"Ha sido descubierto un problema en controlador Rockwell Automation Allen-Bradley MicroLogix 1100, 1763-L16AWA, Serie A y B, Versi\\u00f3n 14.000 y versiones anteriores; 1763-L16BBB, Serie A y B, Versi\\u00f3n 14.000 y versiones anteriores; 1763-L16BWA, Serie A y B, Versi\\u00f3n 14.000 y versiones anteriores; y 1763-L16DWD, Serie A y B, Versi\\u00f3n 14.000 y versiones anteriores. Debido a una asignaci\\u00f3n de permisos incorrecta para recursos cr\\u00edticos, los usuarios con privilegios de administrador pueden eliminar todos los usuarios administrativos requiri\\u00e9ndose un restablecimiento de f\\u00e1brica para restaurar la funci\\u00f3n del servidor web auxiliar. La explotaci\\u00f3n de esta vulnerabilidad seguir\\u00e1 permitiendo que el dispositivo afectado funcione en su capacidad como controlador.\"}]",
      "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/732.html\"\u003eCWE-732: Incorrect Permission Assignment for Critical Resource\u003c/a\u003e",
      "id": "CVE-2016-9338",
      "lastModified": "2024-11-21T03:00:59.073",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 2.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:N/A:P\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-02-13T21:59:01.627",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/95302\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/95302\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-9338\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2017-02-13T21:59:01.627\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller.\"},{\"lang\":\"es\",\"value\":\"Ha sido descubierto un problema en controlador Rockwell Automation Allen-Bradley MicroLogix 1100, 1763-L16AWA, Serie A y B, Versi\u00f3n 14.000 y versiones anteriores; 1763-L16BBB, Serie A y B, Versi\u00f3n 14.000 y versiones anteriores; 1763-L16BWA, Serie A y B, Versi\u00f3n 14.000 y versiones anteriores; y 1763-L16DWD, Serie A y B, Versi\u00f3n 14.000 y versiones anteriores. Debido a una asignaci\u00f3n de permisos incorrecta para recursos cr\u00edticos, los usuarios con privilegios de administrador pueden eliminar todos los usuarios administrativos requiri\u00e9ndose un restablecimiento de f\u00e1brica para restaurar la funci\u00f3n del servidor web auxiliar. La explotaci\u00f3n de esta vulnerabilidad seguir\u00e1 permitiendo que el dispositivo afectado funcione en su capacidad como controlador.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":2.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16awa_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"14.000\",\"matchCriteriaId\":\"F7434A56-A11C-4362-A806-ECC05EF81EDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16awa_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"14.000\",\"matchCriteriaId\":\"E55698D3-601A-48E4-AD5A-C42AA32A02DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"14.000\",\"matchCriteriaId\":\"8FBC09CC-AD8C-4412-90B0-1E798B56C4F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"14.000\",\"matchCriteriaId\":\"58265FCD-55B4-4E9C-8A02-9702B8ED5E4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"14.000\",\"matchCriteriaId\":\"A719DAFD-8BA2-4E56-AC78-60C2D9FCBAA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"14.000\",\"matchCriteriaId\":\"530BB796-C178-49C1-ADF7-7B34E9FD6ED8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"14.000\",\"matchCriteriaId\":\"C6D6A13D-69AC-431B-9E12-BDB6523BB49D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"14.000\",\"matchCriteriaId\":\"D38291EC-779A-461C-971B-09A52C2FB668\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32awa_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.004\",\"matchCriteriaId\":\"44A021E4-B93B-4AA0-B7E7-A69F86666D24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32awa_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.004\",\"matchCriteriaId\":\"FCE93E4A-C845-4B29-B09E-DA5EC4F22EC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32awaa_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.004\",\"matchCriteriaId\":\"CE5F717B-487B-473F-BD50-0DE76CAFD6B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.004\",\"matchCriteriaId\":\"AEB0FCA4-C3D7-46CC-9D4A-C7FE8B7D25C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.004\",\"matchCriteriaId\":\"55708721-9FAF-4778-95AE-C51FAF42E234\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.004\",\"matchCriteriaId\":\"7E6A9C27-E079-43CD-A348-C257AD1B2C9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.004\",\"matchCriteriaId\":\"A2830F25-7489-4B96-8750-8E187BA155A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.004\",\"matchCriteriaId\":\"391B81A5-A3BB-44FD-9849-2D9FC0A004EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.004\",\"matchCriteriaId\":\"AACFCF1B-5FD4-451E-94F9-FFE6CA3427DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.004\",\"matchCriteriaId\":\"31BCB97C-9F7C-47C7-832E-2EAA7B841CA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.004\",\"matchCriteriaId\":\"93282079-80A2-4CDF-9EF8-D9EEBAC1D238\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.004\",\"matchCriteriaId\":\"D4F5D81D-62BA-4655-8FB1-43BC0FF3288B\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/95302\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/95302\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}],\"evaluatorComment\":\"\u003ca href=\\\"http://cwe.mitre.org/data/definitions/732.html\\\"\u003eCWE-732: Incorrect Permission Assignment for Critical Resource\u003c/a\u003e\"}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.