Vulnerability Description
An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | 1763-L16Bwa Firmware | - |
| Rockwellautomation | 1763-L16Bwa | - |
| Rockwellautomation | 1763-L16Awa Firmware | - |
| Rockwellautomation | 1763-L16Awa | - |
| Rockwellautomation | 1763-L16Bbb Firmware | - |
| Rockwellautomation | 1763-L16Bbb | - |
| Rockwellautomation | 1763-L16Dwd Firmware | - |
| Rockwellautomation | 1763-L16Dwd | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99622Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-138-03MitigationThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/99622Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-138-03MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-7924?
CVE-2017-7924 is a vulnerability with a CVSS score of 7.5 (HIGH). An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could se...
How severe is CVE-2017-7924?
CVE-2017-7924 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7924?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation 1763-L16Bwa Firmware, Rockwellautomation 1763-L16Bwa, Rockwellautomation 1763-L16Awa Firmware, Rockwellautomation 1763-L16Awa, Rockwellautomation 1763-L16Bbb Firmware.