Vulnerability Description
A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. Insufficiently random TCP initial sequence numbers are generated, which may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections, resulting in a denial of service for the target device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | 1763-L16Awa Series A | <= 16.000 |
| Rockwellautomation | 1763-L16Awa Series B | <= 16.000 |
| Rockwellautomation | 1763-L16Bbb Series A | <= 16.000 |
| Rockwellautomation | 1763-L16Bbb Series B | <= 16.000 |
| Rockwellautomation | 1763-L16Bwa Series A | <= 16.000 |
| Rockwellautomation | 1763-L16Bwa Series B | <= 16.000 |
| Rockwellautomation | 1763-L16Dwd Series A | <= 16.000 |
| Rockwellautomation | 1763-L16Dwd Series B | <= 16.000 |
| Rockwellautomation | Ab Micrologix Controller | 1100 |
| Rockwellautomation | 1766-L32Awa Series A | <= 16.000 |
| Rockwellautomation | 1766-L32Awa Series B | <= 16.000 |
| Rockwellautomation | 1766-L32Awaa Series A | <= 16.000 |
| Rockwellautomation | 1766-L32Awaa Series B | <= 16.000 |
| Rockwellautomation | 1766-L32Bwa Series A | <= 16.000 |
| Rockwellautomation | 1766-L32Bwa Series B | <= 16.000 |
| Rockwellautomation | 1766-L32Bwaa Series A | <= 16.000 |
| Rockwellautomation | 1766-L32Bwaa Series B | <= 16.000 |
| Rockwellautomation | 1766-L32Bxb Series A | <= 16.000 |
| Rockwellautomation | 1766-L32Bxb Series B | <= 16.000 |
| Rockwellautomation | 1766-L32Bxba Series A | <= 16.000 |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1038546
- https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04PatchThird Party AdvisoryUS Government Resource
- http://www.securitytracker.com/id/1038546
- https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04PatchThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-7901?
CVE-2017-7901 is a vulnerability with a CVSS score of 8.6 (HIGH). A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and p...
How severe is CVE-2017-7901?
CVE-2017-7901 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7901?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation 1763-L16Awa Series A, Rockwellautomation 1763-L16Awa Series B, Rockwellautomation 1763-L16Bbb Series A, Rockwellautomation 1763-L16Bbb Series B, Rockwellautomation 1763-L16Bwa Series A.