#VU6696 Information disclosure in Allen-Bradley MicroLogix 1400 and Allen-Bradley MicroLogix 1100 - CVE-2017-7899
Published: May 24, 2017
Vulnerability identifier: #VU6696
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7899
CWE-ID: CWE-598
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Allen-Bradley MicroLogix 1400
Allen-Bradley MicroLogix 1100
Software vendor:
Rockwell Automation
Description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists because credentials are sent to the web server using the HTTP GET method, which may result in the credentials being logged.
Successful exploitation of the vulnerability may result in unauthorized retrieval of the user credentials.
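A log-review check for this weakness (CWE-598), added here as an example and not taken from the vendor or this advisory: it flags GET requests whose query string carries credential fields and redacts the values before logs are retained or shared. The parameter names, request paths and log lines are constructed assumptions, since the advisory does not name the fields the controller's web server uses.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed credential field names; the advisory does not list the real ones.
SENSITIVE = {"password", "passwd", "pwd", "pass", "user", "username", "token"}

# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def scrub_line(line):
    """Return (redacted_line, sorted names of credential parameters found)."""
    m = REQUEST_RE.search(line)
    if not m or m.group("method") != "GET":
        return line, []          # only GET targets carry the query string into the log
    parts = urlsplit(m.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = sorted({k for k, _ in pairs if k.lower() in SENSITIVE})
    if not hits:
        return line, []
    # Re-encode the query with credential values replaced; other values are kept
    # (their percent-encoding may be normalised by urlencode).
    redacted = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    target = parts._replace(query=urlencode(redacted)).geturl()
    return line[:m.start("target")] + target + line[m.end("target"):], hits

def scan(lines):
    """Scrub every line; return (cleaned_lines, [(line_number, parameter_names), ...])."""
    cleaned, findings = [], []
    for number, line in enumerate(lines, 1):
        new_line, hits = scrub_line(line)
        cleaned.append(new_line)
        if hits:
            findings.append((number, hits))
    return cleaned, findings

# Constructed sample access log (documentation IP range, made-up paths and values).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/May/2017:10:00:01 +0000] "GET /login.cgi?user=operator&password=Example123 HTTP/1.1" 200 512',
    '192.0.2.10 - - [24/May/2017:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 2048',
    '192.0.2.11 - - [24/May/2017:10:00:05 +0000] "POST /login.cgi HTTP/1.1" 200 512',
    '192.0.2.12 - - [24/May/2017:10:00:09 +0000] "GET /status?page=2&PWD=abc%26d HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    cleaned, findings = scan(SAMPLE_LOG)
    for number, names in findings:
        print(f"line {number}: credential parameters in GET query: {', '.join(names)}")
    print("\n".join(cleaned))
```

Any line this flags means the credential was already written to disk in clear text, so the affected account's password should be treated as exposed and changed.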
Remediation
Update to version 21.00