Authentication bypass in Allen-Bradley MicroLogix 1400 and Allen-Bradley MicroLogix 1100 - CVE-2017-7898

 


Published: May 24, 2017


Vulnerability identifier: #VU6695
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-7898
CWE-ID: CWE-307
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Rockwell Automation
Affected software:
Allen-Bradley MicroLogix 1400
Allen-Bradley MicroLogix 1100

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a brute-force attack.

The vulnerability exists due to improper restriction of excessive authentication attempts. A remote attacker can repeatedly enter incorrect passwords to gain unauthorized access to the system.

Successful exploitation of the vulnerability may result in unauthorized access to the vulnerable system.
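The control whose absence CWE-307 describes is a limit on failed authentication attempts. The sketch below is an added example, not Rockwell Automation code or anything taken from the affected firmware: it counts failures per source in a sliding window and applies a lockout that doubles each time the same source trips the limit. The names `AttemptLimiter` and `check_password`, the thresholds and the sample addresses are assumptions made for illustration.

```python
import hmac
from collections import defaultdict, deque


class AttemptLimiter:
    """Per-source throttle: lock a source out after too many failures in a window."""

    def __init__(self, max_failures=5, window=60.0, base_lockout=30.0, max_lockout=3600.0):
        self.max_failures = max_failures      # failures tolerated inside one window
        self.window = window                  # sliding window length, seconds
        self.base_lockout = base_lockout      # first lockout duration, seconds
        self.max_lockout = max_lockout        # cap on the doubled lockout
        self._failures = defaultdict(deque)   # source -> timestamps of recent failures
        self._locked_until = {}               # source -> time the lockout ends
        self._lockouts = defaultdict(int)     # source -> lockouts triggered so far

    def allowed(self, source, now):
        return now >= self._locked_until.get(source, 0.0)

    def record(self, source, success, now):
        if success:
            # A valid login clears the history for that source.
            self._failures.pop(source, None)
            self._lockouts.pop(source, None)
            return
        recent = self._failures[source]
        recent.append(now)
        # Drop failures that have aged out of the window.
        while recent and now - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            # Double the lockout each time the same source trips the limit.
            delay = min(self.base_lockout * 2 ** self._lockouts[source], self.max_lockout)
            self._lockouts[source] += 1
            self._locked_until[source] = now + delay
            recent.clear()


def check_password(limiter, source, supplied, expected, now):
    """Return 'locked', 'ok' or 'denied'; locked sources are refused before any comparison."""
    if not limiter.allowed(source, now):
        return "locked"
    ok = hmac.compare_digest(supplied.encode(), expected.encode())
    limiter.record(source, ok, now)
    return "ok" if ok else "denied"
```

Keying the counter on the source address alone does not cover guesses spread across many sources; a per-account counter covers that case at the cost of letting an outsider lock the account.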


How to mitigate CVE-2017-7898

Update to version 21.00
