Vulnerability Description
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | 1763-L16Awa Series A | <= 14.000 |
| Rockwellautomation | 1763-L16Awa Series B | <= 14.000 |
| Rockwellautomation | 1763-L16Bbb Series A | <= 14.000 |
| Rockwellautomation | 1763-L16Bbb Series B | <= 14.000 |
| Rockwellautomation | 1763-L16Bwa Series A | <= 14.000 |
| Rockwellautomation | 1763-L16Bwa Series B | <= 14.000 |
| Rockwellautomation | 1763-L16Dwd Series A | <= 14.000 |
| Rockwellautomation | 1763-L16Dwd Series B | <= 14.000 |
| Rockwellautomation | 1766-L32Awa Series A | <= 15.004 |
| Rockwellautomation | 1766-L32Awa Series B | <= 15.004 |
| Rockwellautomation | 1766-L32Awaa Series A | <= 15.004 |
| Rockwellautomation | 1766-L32Awaa Series B | <= 15.004 |
| Rockwellautomation | 1766-L32Bwa Series A | <= 15.004 |
| Rockwellautomation | 1766-L32Bwa Series B | <= 15.004 |
| Rockwellautomation | 1766-L32Bwaa Series A | <= 15.004 |
| Rockwellautomation | 1766-L32Bwaa Series B | <= 15.004 |
| Rockwellautomation | 1766-L32Bxb Series A | <= 15.004 |
| Rockwellautomation | 1766-L32Bxb Series B | <= 15.004 |
| Rockwellautomation | 1766-L32Bxba Series A | <= 15.004 |
| Rockwellautomation | 1766-L32Bxba Series B | <= 15.004 |
References
- http://www.securityfocus.com/bid/95302Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/95302Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2016-9338?
CVE-2016-9338 is a vulnerability with a CVSS score of 2.7 (LOW). An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and ...
How severe is CVE-2016-9338?
CVE-2016-9338 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9338?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation 1763-L16Awa Series A, Rockwellautomation 1763-L16Awa Series B, Rockwellautomation 1763-L16Bbb Series A, Rockwellautomation 1763-L16Bbb Series B, Rockwellautomation 1763-L16Bwa Series A.