SB2017052412 - Multiple vulnerabilities in Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017052412

SB2017052412 - Multiple vulnerabilities in Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400

Published: May 24, 2017

Security Bulletin ID SB2017052412
CSH Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 40% Low 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 vulnerabilities.


1) Authentication bypass (CVE-ID: CVE-2017-7898)

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to perform brute-force attack.

The vulnerability exists due to improper restriction of excessive authentication attempts. A remote attacker can repeatedly enter incorrect passwords to gain unauthorized access to the system.

Successful exploitation of the vulnerability may result in unauthorized access to vulnerable system.


2) Information disclosure (CVE-ID: CVE-2017-7899)

CWE-ID: CWE-598 - Information Exposure Through Query Strings in GET Request

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to an error when sending credentials to the web server using the HTTP GET method, which may result in the credentials being logged.

Successful exploitation of the vulnerability may result in unauthorized retrieval of the user credentials.


3) Denial of service (CVE-ID: CVE-2017-7901)

CWE-ID: CWE-343 - Predictable Value Range from Previous Values

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to generation of insufficiently random TCP initial sequence numbers. A remote attacker can predict the numbers from previous values and spoof or disrupt TCP connections.

Successful exploitation of the vulnerability may result in denial of service.


4) Denial of service (CVE-ID: CVE-2017-7902)

CWE-ID: CWE-323 - Reusing a Nonce, Key Pair in Encryption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to reuse of nonces by the affected software. A remote attacker can capture and replay a valid request until the nonce is changed.

Successful exploitation of the vulnerability may result in denial of service.


5) Authentication bypass (CVE-ID: CVE-2017-7903)

CWE-ID: CWE-521 - Weak Password Requirements

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to perform brute-force attack.

The vulnerability exists due to weak password requirements. A remote attacker can brute-force account passwords and bypass authentication on the system.

Successful exploitation of the vulnerability may result in unauthorized access to vulnerable system.


Remediation

Install update from vendor's website.

References