CVE-2017-7899
Last modified
CVE-2017-7899 is a vulnerability of currently unknown severity. An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. User credentials are sent to the web server using the HTTP GET method, which may result in the credentials being logged. EPSS estimates a 4.62% chance of exploitation in the next 30 days.
Description
An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. User credentials are sent to the web server using the HTTP GET method, which may result in the credentials being logged. This could make user credentials available for unauthorized retrieval.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | 1763-L16awa Series A | <= 16.000 |
| Rockwellautomation | 1763-L16awa Series B | <= 16.000 |
| Rockwellautomation | 1763-L16bbb Series A | <= 16.000 |
| Rockwellautomation | 1763-L16bbb Series B | <= 16.000 |
| Rockwellautomation | 1763-L16bwa Series A | <= 16.000 |
| Rockwellautomation | 1763-L16bwa Series B | <= 16.000 |
| Rockwellautomation | 1763-L16dwd Series A | <= 16.000 |
| Rockwellautomation | 1763-L16dwd Series B | <= 16.000 |
| Rockwellautomation | 1766-L32awa Series A | <= 16.000 |
| Rockwellautomation | 1766-L32awa Series B | <= 16.000 |
| Rockwellautomation | 1766-L32awaa Series A | <= 16.000 |
| Rockwellautomation | 1766-L32awaa Series B | <= 16.000 |
| Rockwellautomation | 1766-L32bwa Series A | <= 16.000 |
| Rockwellautomation | 1766-L32bwa Series B | <= 16.000 |
| Rockwellautomation | 1766-L32bwaa Series A | <= 16.000 |
| Rockwellautomation | 1766-L32bwaa Series B | <= 16.000 |
| Rockwellautomation | 1766-L32bxb Series A | <= 16.000 |
| Rockwellautomation | 1766-L32bxb Series B | <= 16.000 |
| Rockwellautomation | 1766-L32bxba Series A | <= 16.000 |
| Rockwellautomation | 1766-L32bxba Series B | <= 16.000 |
References
- https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04Patch, Third Party Advisory, US Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04Patch, Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-7899?
How severe is CVE-2017-7899?
How do I fix CVE-2017-7899?
Are you affected by CVE-2017-7899?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST