CVE-2017-7901 (GCVE-0-2017-7901)

Vulnerability from cvelistv5 – Published: 2017-06-30 02:35 – Updated: 2024-08-05 16:19
VLAI?
Summary
A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. Insufficiently random TCP initial sequence numbers are generated, which may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections, resulting in a denial of service for the target device.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Affected: Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038546",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038546"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400"
            }
          ]
        }
      ],
      "datePublic": "2017-06-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. Insufficiently random TCP initial sequence numbers are generated, which may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections, resulting in a denial of service for the target device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-343",
              "description": "CWE-343",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "1038546",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038546"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-7901",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. Insufficiently random TCP initial sequence numbers are generated, which may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections, resulting in a denial of service for the target device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-343"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038546",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038546"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-7901",
    "datePublished": "2017-06-30T02:35:00",
    "dateReserved": "2017-04-18T00:00:00",
    "dateUpdated": "2024-08-05T16:19:29.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16awa_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"E44D0CCE-EDA7-4DF2-B67B-C59DFAE7F888\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16awa_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"58E4AB51-E136-4AA3-AFF9-50F240489856\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"6006CE1E-08EC-4AFC-8F35-73B24AA7F08D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"F52398D3-996E-4291-887F-6B8E0AF24AFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"61603F24-7505-4A9E-BA9E-57C7B5A60A6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"9558148B-3000-4D83-9AB0-380D7FBB0C9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"C805AFD6-481C-4A32-9CE8-281F9B793263\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"DC9E1F42-4F17-4EA4-8D0F-30220F560A0E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1100:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA98842B-9D09-4C37-AB34-4E9FA566BAD8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32awa_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"8C8E3AF6-1017-4A18-99CA-854F1022ED66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32awa_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"A093AA8B-7DB9-4373-AE8F-F8B879A4BE5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32awaa_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"25DA9309-964B-4C1C-8B95-9C1CD80DDC74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"6D51D3F6-ABB3-4FFD-81D5-B3D3C29F0A46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"DC05C3A1-1042-46AD-83D8-765AF4C9BCD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"6218A006-1F60-4E29-85CC-7D1BCBD7C734\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"6B863572-CECF-47DF-AF6F-C25F88200DBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"59BEBB0E-8C6E-4663-9E0C-E755C2EF0041\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"1303D987-4A44-4F33-992E-0C7E683EC7A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"1E7D8E09-D97D-45FF-9AD0-A9B0A846E600\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"9D9C64FB-A613-4940-86E6-95431B907159\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.000\", \"matchCriteriaId\": \"B5C50D4A-EB32-4BE4-B9E6-D25494E2EF55\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1400:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFF2EF59-F451-490D-A7AF-E66D11493948\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. Insufficiently random TCP initial sequence numbers are generated, which may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections, resulting in a denial of service for the target device.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema de Rango de Valor Predecible de Valores Anteriores en los controladores l\\u00f3gicos programables MicroLogix 1100 1763-L16AWA, Series A y B, versi\\u00f3n 16.00 y anteriores; 1763-L16BBB, Serie A y B, versi\\u00f3n 16.00 y anteriores; 1763-L16BWA, Serie A y B, versi\\u00f3n 16.00 y anteriores; y 1763-L16DWD, Series A y B, versi\\u00f3n 16.00 y anteriores de Allen-Bradley en Rockwell Automation y en controladores l\\u00f3gicos programables MicroLogix 1400 1766-L32AWA, Series A y B, versi\\u00f3n 16.00 y anteriores; 1766-L32BWA, Serie A y B, versi\\u00f3n 16.00 y anteriores; 1766-L32BWAA, Serie A y B, versi\\u00f3n 16.00 y anteriores; 1766-L32BXB, Serie A y B, versi\\u00f3n 16.00 y anteriores; 1766-L32BXBA, Serie A y B, versi\\u00f3n 16.00 y anteriores; y 1766-L32AWAA, Series A y B, versi\\u00f3n 16.00 y anteriores de Allen-Bradley en Rockwell Automation. Se generan n\\u00fameros de secuencia inicial TCP de aleatoriedad insuficientemente, lo que puede permitir a un atacante predecir los n\\u00fameros de los valores anteriores. Esto puede permitir a un atacante suplantar o interrumpir las conexiones TCP, resultando en una denegaci\\u00f3n de servicio para el dispositivo de destino.\"}]",
      "id": "CVE-2017-7901",
      "lastModified": "2024-11-21T03:32:55.687",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 8.5, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-06-30T03:29:00.797",
      "references": "[{\"url\": \"http://www.securitytracker.com/id/1038546\", \"source\": \"ics-cert@hq.dhs.gov\"}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securitytracker.com/id/1038546\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-343\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-330\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-7901\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2017-06-30T03:29:00.797\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. Insufficiently random TCP initial sequence numbers are generated, which may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections, resulting in a denial of service for the target device.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema de Rango de Valor Predecible de Valores Anteriores en los controladores l\u00f3gicos programables MicroLogix 1100 1763-L16AWA, Series A y B, versi\u00f3n 16.00 y anteriores; 1763-L16BBB, Serie A y B, versi\u00f3n 16.00 y anteriores; 1763-L16BWA, Serie A y B, versi\u00f3n 16.00 y anteriores; y 1763-L16DWD, Series A y B, versi\u00f3n 16.00 y anteriores de Allen-Bradley en Rockwell Automation y en controladores l\u00f3gicos programables MicroLogix 1400 1766-L32AWA, Series A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BWA, Serie A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BWAA, Serie A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BXB, Serie A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BXBA, Serie A y B, versi\u00f3n 16.00 y anteriores; y 1766-L32AWAA, Series A y B, versi\u00f3n 16.00 y anteriores de Allen-Bradley en Rockwell Automation. Se generan n\u00fameros de secuencia inicial TCP de aleatoriedad insuficientemente, lo que puede permitir a un atacante predecir los n\u00fameros de los valores anteriores. Esto puede permitir a un atacante suplantar o interrumpir las conexiones TCP, resultando en una denegaci\u00f3n de servicio para el dispositivo de destino.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":8.5,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-343\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16awa_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"E44D0CCE-EDA7-4DF2-B67B-C59DFAE7F888\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16awa_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"58E4AB51-E136-4AA3-AFF9-50F240489856\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"6006CE1E-08EC-4AFC-8F35-73B24AA7F08D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"F52398D3-996E-4291-887F-6B8E0AF24AFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"61603F24-7505-4A9E-BA9E-57C7B5A60A6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"9558148B-3000-4D83-9AB0-380D7FBB0C9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"C805AFD6-481C-4A32-9CE8-281F9B793263\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"DC9E1F42-4F17-4EA4-8D0F-30220F560A0E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA98842B-9D09-4C37-AB34-4E9FA566BAD8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32awa_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"8C8E3AF6-1017-4A18-99CA-854F1022ED66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32awa_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"A093AA8B-7DB9-4373-AE8F-F8B879A4BE5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32awaa_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"25DA9309-964B-4C1C-8B95-9C1CD80DDC74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"6D51D3F6-ABB3-4FFD-81D5-B3D3C29F0A46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"DC05C3A1-1042-46AD-83D8-765AF4C9BCD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"6218A006-1F60-4E29-85CC-7D1BCBD7C734\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"6B863572-CECF-47DF-AF6F-C25F88200DBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"59BEBB0E-8C6E-4663-9E0C-E755C2EF0041\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"1303D987-4A44-4F33-992E-0C7E683EC7A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"1E7D8E09-D97D-45FF-9AD0-A9B0A846E600\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"9D9C64FB-A613-4940-86E6-95431B907159\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.000\",\"matchCriteriaId\":\"B5C50D4A-EB32-4BE4-B9E6-D25494E2EF55\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1400:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFF2EF59-F451-490D-A7AF-E66D11493948\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1038546\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securitytracker.com/id/1038546\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.