Details of VAR-201706-0655

ID

VAR-201706-0655

CVE

CVE-2017-7899

TITLE

plural Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Vulnerabilities related to certificate and password management in the controller

Trust: 0.8

sources: JVNDB: JVNDB-2017-005284

DESCRIPTION

An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. User credentials are sent to the web server using the HTTP GET method, which may result in the credentials being logged. This could make user credentials available for unauthorized retrieval. plural Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 The controller contains a vulnerability related to certificate / password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Rockwell Automation Allen-Bradley MicroLogix 1100 1763-L16AWA Series A is a programmable logic controller (PLC) product from Rockwell Automation. An information disclosure vulnerability exists in several Rockwell Automation products. An attacker could use this vulnerability to recover a user certificate. Attackers may exploit these issues to bypass authentication mechanism, bypass security restrictions and perform unauthorized actions, gain sensitive information and cause denial-of-service conditions

Trust: 2.7

sources: NVD: CVE-2017-7899 // JVNDB: JVNDB-2017-005284 // CNVD: CNVD-2017-08712 // BID: 98630 // IVD: c9defe35-a67a-46f3-8574-4052d272fcf2 // VULHUB: VHN-116102

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: c9defe35-a67a-46f3-8574-4052d272fcf2 // CNVD: CNVD-2017-08712

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	1763-l16dwd series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1763-l16bwa series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bwa series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1763-l16bwa series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32awa series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bwa series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bxb series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bwaa series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1763-l16bbb series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1763-l16awa series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bxba series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bxb series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bwaa series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32awaa series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1763-l16dwd series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1763-l16bbb series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32awa series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32awaa series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1763-l16awa series b	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwellautomation	model:	1766-l32bxba series a	scope:	lte	version:	16.000	Trust: 1.0
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16awa series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16awa series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16bbb series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16bbb series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16bwa series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16bwa series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16dwd series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1100 1763-l16dwd series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32awa series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32awa series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32awaa series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32awaa series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bwa series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bwa series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bwaa series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bwaa series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bxb series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bxb series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bxba series a	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell automation	model:	allen-bradley micrologix 1400 1766-l32bxba series b	scope:	lte	version:	16.000	Trust: 0.8
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16awa	scope:	eq	version:	1100<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bbb	scope:	eq	version:	1100<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bwa	scope:	eq	version:	1100<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16dwd	scope:	eq	version:	1100<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awa	scope:	eq	version:	1400<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwa	scope:	eq	version:	1400<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwaa	scope:	eq	version:	1400<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxb	scope:	eq	version:	1400<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxba	scope:	eq	version:	1400<=16.00	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awaa	scope:	eq	version:	1400<=16.00	Trust: 0.6
vendor:	rockwellautomation	model:	1766-l32bwaa series b	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1766-l32bxb series b	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1766-l32awa series b	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1766-l32bwa series b	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1766-l32bwaa series a	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1766-l32bxba series a	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1766-l32bwa series a	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1766-l32awa series a	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1766-l32bxb series a	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwellautomation	model:	1766-l32bxba series b	scope:	eq	version:	16.000	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxba series b	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxba series b	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxba series a	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxba series a	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxb series b	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxb series b	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxb series a	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxb series a	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwaa series b	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwaa series b	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwaa series a	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwaa series a	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwa series b	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwa series b	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwa series a	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwa series a	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awaa series b	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awaa series b	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awaa series a	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awaa series a	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awa series b	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awa series b	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awa series a	scope:	eq	version:	140016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awa series a	scope:	eq	version:	140015.004	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16dwd series b	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16dwd series b	scope:	eq	version:	110015.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16dwd series b	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16dwd series a	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16dwd series a	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bwa series b	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bwa series b	scope:	eq	version:	110015.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bwa series b	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bwa series a	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bwa series a	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bbb series b	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bbb series b	scope:	eq	version:	110015.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bbb series b	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bbb series a	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16bbb series a	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16awa series b	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16awa series b	scope:	eq	version:	110015.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16awa series b	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16awa series a	scope:	eq	version:	110016.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1763-l16awa series a	scope:	eq	version:	110014.000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxba series b	scope:	ne	version:	140021.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bxb series b	scope:	ne	version:	140021.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwaa series b	scope:	ne	version:	140021.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32bwa series b	scope:	ne	version:	140021.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awaa series b	scope:	ne	version:	140021.00	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley micrologix 1766-l32awa series b	scope:	ne	version:	140021.00	Trust: 0.3
vendor:	1763 l16awa series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1763 l16awa series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1763 l16bbb series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1763 l16bbb series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1763 l16bwa series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1763 l16bwa series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1763 l16dwd series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1763 l16dwd series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32awa series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32awa series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32awaa series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32awaa series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bwa series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bwa series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bwaa series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bwaa series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bxb series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bxb series b	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bxba series a	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	1766 l32bxba series b	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: c9defe35-a67a-46f3-8574-4052d272fcf2 // CNVD: CNVD-2017-08712 // BID: 98630 // JVNDB: JVNDB-2017-005284 // CNNVD: CNNVD-201705-1234 // NVD: CVE-2017-7899

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7899
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-7899
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-08712
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201705-1234
value:	CRITICAL
Trust: 0.6
IVD:	c9defe35-a67a-46f3-8574-4052d272fcf2
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-116102
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-7899
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-08712
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	c9defe35-a67a-46f3-8574-4052d272fcf2
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-116102
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7899
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: c9defe35-a67a-46f3-8574-4052d272fcf2 // CNVD: CNVD-2017-08712 // VULHUB: VHN-116102 // JVNDB: JVNDB-2017-005284 // CNNVD: CNNVD-201705-1234 // NVD: CVE-2017-7899

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-116102 // JVNDB: JVNDB-2017-005284 // NVD: CVE-2017-7899

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1234

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201705-1234

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005284

PATCH

title:	MicroLogix 1100コントローラ	url:	http://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-1100	Trust: 0.8
title:	MicroLogix 1400コントローラ	url:	http://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-1400	Trust: 0.8
title:	Patches for information disclosure vulnerabilities in several Rockwell Automation products	url:	https://www.cnvd.org.cn/patchInfo/show/94973	Trust: 0.6
title:	Multiple Rockwell Automation Product information disclosure vulnerability repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70576	Trust: 0.6

sources: CNVD: CNVD-2017-08712 // JVNDB: JVNDB-2017-005284 // CNNVD: CNNVD-201705-1234

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7899	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-115-04	Trust: 3.4
db:	SECTRACK	id:	1038546	Trust: 1.7
db:	CNNVD	id:	CNNVD-201705-1234	Trust: 0.9
db:	BID	id:	98630	Trust: 0.9
db:	CNVD	id:	CNVD-2017-08712	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-005284	Trust: 0.8
db:	IVD	id:	C9DEFE35-A67A-46F3-8574-4052D272FCF2	Trust: 0.2
db:	VULHUB	id:	VHN-116102	Trust: 0.1

sources: IVD: c9defe35-a67a-46f3-8574-4052d272fcf2 // CNVD: CNVD-2017-08712 // VULHUB: VHN-116102 // BID: 98630 // JVNDB: JVNDB-2017-005284 // CNNVD: CNNVD-201705-1234 // NVD: CVE-2017-7899

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-115-04	Trust: 3.4
url:	http://www.securitytracker.com/id/1038546	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7899	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7899	Trust: 0.8
url:	http://www.securityfocus.com/bid/98630	Trust: 0.6
url:	http://www.moxa.com/	Trust: 0.3

sources: CNVD: CNVD-2017-08712 // VULHUB: VHN-116102 // BID: 98630 // JVNDB: JVNDB-2017-005284 // CNNVD: CNNVD-201705-1234 // NVD: CVE-2017-7899

CREDITS

Maxim Rupp

Trust: 0.9

sources: BID: 98630 // CNNVD: CNNVD-201705-1234

SOURCES

db:	IVD	id:	c9defe35-a67a-46f3-8574-4052d272fcf2
db:	CNVD	id:	CNVD-2017-08712
db:	VULHUB	id:	VHN-116102
db:	BID	id:	98630
db:	JVNDB	id:	JVNDB-2017-005284
db:	CNNVD	id:	CNNVD-201705-1234
db:	NVD	id:	CVE-2017-7899

LAST UPDATE DATE

2025-04-20T23:26:04.337000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-08712	date:	2017-06-08T00:00:00
db:	VULHUB	id:	VHN-116102	date:	2019-10-03T00:00:00
db:	BID	id:	98630	date:	2017-05-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-005284	date:	2017-07-25T00:00:00
db:	CNNVD	id:	CNNVD-201705-1234	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-7899	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	c9defe35-a67a-46f3-8574-4052d272fcf2	date:	2017-06-08T00:00:00
db:	CNVD	id:	CNVD-2017-08712	date:	2017-06-08T00:00:00
db:	VULHUB	id:	VHN-116102	date:	2017-06-30T00:00:00
db:	BID	id:	98630	date:	2017-05-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-005284	date:	2017-07-25T00:00:00
db:	CNNVD	id:	CNNVD-201705-1234	date:	2017-05-23T00:00:00
db:	NVD	id:	CVE-2017-7899	date:	2017-06-30T03:29:00.733