Details of VAR-201706-0654

ID

VAR-201706-0654

CVE

CVE-2017-7898

TITLE

plural Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Vulnerabilities related to authorization, authority, and access control in the controller

Trust: 0.8

sources: JVNDB: JVNDB-2017-005283

DESCRIPTION

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. There are no penalties for repeatedly entering incorrect passwords. plural Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 The controller contains vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Rockwell Automation Allen-Bradley MicroLogix 1100 1763-L16AWA Series A is a programmable logic controller (PLC) product from Rockwell Automation. Security vulnerabilities exist in several Rockwell Automation products. Attackers may exploit these issues to bypass authentication mechanism, bypass security restrictions and perform unauthorized actions, gain sensitive information and cause denial-of-service conditions

Trust: 2.79

sources: NVD: CVE-2017-7898 // JVNDB: JVNDB-2017-005283 // CNVD: CNVD-2017-08711 // BID: 98630 // IVD: dca06029-b5d7-4026-9416-96143c015996 // VULHUB: VHN-116101 // VULMON: CVE-2017-7898

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: dca06029-b5d7-4026-9416-96143c015996 // CNVD: CNVD-2017-08711

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	1763-l16dwd series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1763-l16bwa series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bwa series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1763-l16bwa series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32awa series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bwa series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bxb series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bwaa series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1763-l16bbb series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1763-l16awa series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bxba series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bxb series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bwaa series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32awaa series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1763-l16dwd series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1763-l16bbb series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32awa series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32awaa series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1763-l16awa series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bxba series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16awa series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16awa series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16bbb series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16bbb series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16bwa series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16bwa series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16dwd series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16dwd series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32awa series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32awa series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32awaa series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32awaa series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bwa series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bwa series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bwaa series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bwaa series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bxb series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bxb series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bxba series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bxba series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16awa	scope:	eq	version:	1100<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bbb	scope:	eq	version:	1100<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bwa	scope:	eq	version:	1100<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16dwd	scope:	eq	version:	1100<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awa	scope:	eq	version:	1400<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwa	scope:	eq	version:	1400<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwaa	scope:	eq	version:	1400<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxb	scope:	eq	version:	1400<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxba	scope:	eq	version:	1400<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awaa	scope:	eq	version:	1400<=16.00	Trust: 0.6
vendor:	rockwellautomation	model:	1763-l16bbb series a	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1763-l16awa series a	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1763-l16dwd series a	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1763-l16dwd series b	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1766-l32bxb series b	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1766-l32awaa series a	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1763-l16bbb series b	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1763-l16bwa series b	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1763-l16bwa series a	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1763-l16awa series b	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxba series b	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxba series b	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxba series a	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxba series a	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxb series b	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxb series b	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxb series a	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxb series a	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwaa series b	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwaa series b	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwaa series a	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwaa series a	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwa series b	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwa series b	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwa series a	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwa series a	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awaa series b	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awaa series b	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awaa series a	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awaa series a	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awa series b	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awa series b	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awa series a	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awa series a	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16dwd series b	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16dwd series b	scope:	eq	version:	110015.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16dwd series b	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16dwd series a	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16dwd series a	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bwa series b	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bwa series b	scope:	eq	version:	110015.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bwa series b	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bwa series a	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bwa series a	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bbb series b	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bbb series b	scope:	eq	version:	110015.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bbb series b	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bbb series a	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bbb series a	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16awa series b	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16awa series b	scope:	eq	version:	110015.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16awa series b	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16awa series a	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16awa series a	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxba series b	scope:	ne	version:	140021.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxb series b	scope:	ne	version:	140021.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwaa series b	scope:	ne	version:	140021.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwa series b	scope:	ne	version:	140021.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awaa series b	scope:	ne	version:	140021.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awa series b	scope:	ne	version:	140021.00	Trust: 0.3
vendor:	1763 l16awa series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1763 l16awa series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1763 l16bbb series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1763 l16bbb series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1763 l16bwa series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1763 l16bwa series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1763 l16dwd series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1763 l16dwd series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32awa series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32awa series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32awaa series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32awaa series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bwa series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bwa series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bwaa series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bwaa series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bxb series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bxb series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bxba series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bxba series b	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: dca06029-b5d7-4026-9416-96143c015996 // CNVD: CNVD-2017-08711 // BID: 98630 // JVNDB: JVNDB-2017-005283 // CNNVD: CNNVD-201705-1235 // NVD: CVE-2017-7898

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7898
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-7898
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-08711
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201705-1235
value:	CRITICAL
Trust: 0.6
IVD:	dca06029-b5d7-4026-9416-96143c015996
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-116101
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-7898
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-7898
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-08711
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	dca06029-b5d7-4026-9416-96143c015996
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-116101
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7898
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: dca06029-b5d7-4026-9416-96143c015996 // CNVD: CNVD-2017-08711 // VULHUB: VHN-116101 // VULMON: CVE-2017-7898 // JVNDB: JVNDB-2017-005283 // CNNVD: CNNVD-201705-1235 // NVD: CVE-2017-7898

PROBLEMTYPE DATA

problemtype:	CWE-307	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-116101 // JVNDB: JVNDB-2017-005283 // NVD: CVE-2017-7898

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1235

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201705-1235

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005283

PATCH

title:	MicroLogix 1100コントローラ	url:	http://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-1100	Trust: 0.8
title:	MicroLogix 1400コントローラ	url:	http://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-1400	Trust: 0.8
title:	Patches for Unknown Vulnerabilities (CNVD-2017-08711) for Multiple Rockwell Automation Products	url:	https://www.cnvd.org.cn/patchInfo/show/94974	Trust: 0.6
title:	Multiple Rockwell Automation Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70577	Trust: 0.6

sources: CNVD: CNVD-2017-08711 // JVNDB: JVNDB-2017-005283 // CNNVD: CNNVD-201705-1235

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7898	Trust: 3.7
db:	ICS CERT	id:	ICSA-17-115-04	Trust: 3.5
db:	SECTRACK	id:	1038546	Trust: 1.8
db:	CNNVD	id:	CNNVD-201705-1235	Trust: 0.9
db:	BID	id:	98630	Trust: 0.9
db:	CNVD	id:	CNVD-2017-08711	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-005283	Trust: 0.8
db:	IVD	id:	DCA06029-B5D7-4026-9416-96143C015996	Trust: 0.2
db:	VULHUB	id:	VHN-116101	Trust: 0.1
db:	VULMON	id:	CVE-2017-7898	Trust: 0.1

sources: IVD: dca06029-b5d7-4026-9416-96143c015996 // CNVD: CNVD-2017-08711 // VULHUB: VHN-116101 // VULMON: CVE-2017-7898 // BID: 98630 // JVNDB: JVNDB-2017-005283 // CNNVD: CNNVD-201705-1235 // NVD: CVE-2017-7898

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-115-04	Trust: 3.6
url:	http://www.securitytracker.com/id/1038546	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7898	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7898	Trust: 0.8
url:	http://www.securityfocus.com/bid/98630	Trust: 0.6
url:	http://www.moxa.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/307.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=53938	Trust: 0.1

sources: CNVD: CNVD-2017-08711 // VULHUB: VHN-116101 // VULMON: CVE-2017-7898 // BID: 98630 // JVNDB: JVNDB-2017-005283 // CNNVD: CNNVD-201705-1235 // NVD: CVE-2017-7898

CREDITS

Maxim Rupp

Trust: 0.9

sources: BID: 98630 // CNNVD: CNNVD-201705-1235

SOURCES

db:	IVD	id:	dca06029-b5d7-4026-9416-96143c015996
db:	CNVD	id:	CNVD-2017-08711
db:	VULHUB	id:	VHN-116101
db:	VULMON	id:	CVE-2017-7898
db:	BID	id:	98630
db:	JVNDB	id:	JVNDB-2017-005283
db:	CNNVD	id:	CNNVD-201705-1235
db:	NVD	id:	CVE-2017-7898

LAST UPDATE DATE

2025-04-20T23:26:04.423000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-08711	date:	2017-06-08T00:00:00
db:	VULHUB	id:	VHN-116101	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-7898	date:	2019-10-03T00:00:00
db:	BID	id:	98630	date:	2017-05-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-005283	date:	2017-07-25T00:00:00
db:	CNNVD	id:	CNNVD-201705-1235	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-7898	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	dca06029-b5d7-4026-9416-96143c015996	date:	2017-06-08T00:00:00
db:	CNVD	id:	CNVD-2017-08711	date:	2017-06-08T00:00:00
db:	VULHUB	id:	VHN-116101	date:	2017-06-30T00:00:00
db:	VULMON	id:	CVE-2017-7898	date:	2017-06-30T00:00:00
db:	BID	id:	98630	date:	2017-05-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-005283	date:	2017-07-25T00:00:00
db:	CNNVD	id:	CNNVD-201705-1235	date:	2017-05-23T00:00:00
db:	NVD	id:	CVE-2017-7898	date:	2017-06-30T03:29:00.703