CVE-2017-7898 — CRITICAL (9.8)

Q: How severe is CVE-2017-7898?

CVE-2017-7898 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2017-7898?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation 1763-L16Awa Series A, Rockwellautomation 1763-L16Awa Series B, Rockwellautomation 1763-L16Bbb Series A, Rockwellautomation 1763-L16Bbb Series B, Rockwellautomation 1763-L16Bwa Series A.

Vulnerability Description

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. There are no penalties for repeatedly entering incorrect passwords.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rockwellautomation	1763-L16Awa Series A	<= 16.000
Rockwellautomation	1763-L16Awa Series B	<= 16.000
Rockwellautomation	1763-L16Bbb Series A	<= 16.000
Rockwellautomation	1763-L16Bbb Series B	<= 16.000
Rockwellautomation	1763-L16Bwa Series A	<= 16.000
Rockwellautomation	1763-L16Bwa Series B	<= 16.000
Rockwellautomation	1763-L16Dwd Series A	<= 16.000
Rockwellautomation	1763-L16Dwd Series B	<= 16.000
Rockwellautomation	Ab Micrologix Controller	1100
Rockwellautomation	1766-L32Awa Series A	<= 16.000
Rockwellautomation	1766-L32Awa Series B	<= 16.000
Rockwellautomation	1766-L32Awaa Series A	<= 16.000
Rockwellautomation	1766-L32Awaa Series B	<= 16.000
Rockwellautomation	1766-L32Bwa Series A	<= 16.000
Rockwellautomation	1766-L32Bwa Series B	<= 16.000
Rockwellautomation	1766-L32Bwaa Series A	<= 16.000
Rockwellautomation	1766-L32Bwaa Series B	<= 16.000
Rockwellautomation	1766-L32Bxb Series A	<= 16.000
Rockwellautomation	1766-L32Bxb Series B	<= 16.000
Rockwellautomation	1766-L32Bxba Series A	<= 16.000

Related Weaknesses (CWE)

CWE-307

References

http://www.securitytracker.com/id/1038546
https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04PatchThird Party AdvisoryUS Government Resource
http://www.securitytracker.com/id/1038546
https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04PatchThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2017-7898?

CVE-2017-7898 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Versi...

How severe is CVE-2017-7898?

CVE-2017-7898 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-7898?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation 1763-L16Awa Series A, Rockwellautomation 1763-L16Awa Series B, Rockwellautomation 1763-L16Bbb Series A, Rockwellautomation 1763-L16Bbb Series B, Rockwellautomation 1763-L16Bwa Series A.