#VU6695 Authentication bypass in Allen-Bradley MicroLogix 1400 and Allen-Bradley MicroLogix 1100 - CVE-2017-7898

 


Published: May 24, 2017


Vulnerability identifier: #VU6695
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-7898
CWE-ID: CWE-307
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Allen-Bradley MicroLogix 1400
Allen-Bradley MicroLogix 1100
Software vendor:
Rockwell Automation

Description

The vulnerability allows a remote attacker to perform a brute-force attack.

The vulnerability exists due to improper restriction of excessive authentication attempts. Because failed attempts are not limited, a remote attacker can keep submitting incorrect passwords until a guess succeeds and gain unauthorized access to the system.

Successful exploitation of the vulnerability may result in unauthorized access to the vulnerable system.


Remediation

Update to version 21.00
