Main Vulnerability Database Vulnerabilities #VU6697

#VU6697 Denial of service in Allen-Bradley MicroLogix 1400 and Allen-Bradley MicroLogix 1100 - CVE-2017-7901

Published: May 24, 2017

Vulnerability identifier: #VU6697

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-7901

CWE-ID: CWE-343

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Allen-Bradley MicroLogix 1400
Allen-Bradley MicroLogix 1100

Software vendor:
Rockwell Automation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to generation of insufficiently random TCP initial sequence numbers. A remote attacker can predict the numbers from previous values and spoof or disrupt TCP connections.

Successful exploitation of the vulnerability may result in denial of service.

Remediation

Update to version 21.00

External links

https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04

#VU6697 Denial of service in Allen-Bradley MicroLogix 1400 and Allen-Bradley MicroLogix 1100 - CVE-2017-7901

Description

Remediation

External links

Please verify you're human