SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Rockwell Automation EtherNet/IP Vendors:   Rockwell Automation
Rockwell Automation MicroLogix PLC Multiple Flaws Let Remote Users Guess Passwords, Replay Commands, and Deny Service and Let Local Users Obtain Passwords
SecurityTracker Alert ID:  1038546
SecurityTracker URL:  http://securitytracker.com/id/1038546
CVE Reference:   CVE-2017-7898, CVE-2017-7899, CVE-2017-7901, CVE-2017-7902, CVE-2017-7903   (Links to External Site)
Date:  May 24 2017
Impact:   Denial of service via network, Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): MicroLogix 1100, 1400
Description:   Multiple vulnerabilities were reported in Rockwell Automation MicroLogix PLC (EtherNet/IP). A remote user can cause denial of service conditions on the target system. A local user can obtain passwords on the target system. A remote user can conduct brute force password guessing attacks. A remote user conduct replay attacks.

The system does not limit incorrect authentication attempts [CVE-2017-7898]. A remote user can conduct brute force password guessing attacks.

The system uses numeric passwords with a small maximum length [CVE-2017-7903].

The system accepts user authentication credentials via the HTTP GET method and may log the GET request [CVE-2017-7899]. A local user can obtain authentication credentials.

The system generates TCP initial sequence numbers that are not sufficiently random [CVE-2017-7901]. A remote user can spoof TCP connections or cause denial of service.

The system reuses nonces [CVE-2017-7902]. A remote user that can monitor the network can capture and replay a valid request.

The following Allen-Bradley MicroLogix 1100 PLC versions are affected:

1763-L16AWA, Series A and B, Version 16.00 and prior
1763-L16BBB, Series A and B, Version 16.00 and prior
1763-L16BWA, Series A and B, Version 16.00 and prior
1763-L16DWD, Series A and B, Version 16.00 and prior

Allen-Bradley MicroLogix 1400 PLC versions are affected:

1766-L32AWA, Series A and B, Version 16.00 and prior
1766-L32BWA, Series A and B, Version 16.00 and prior
1766-L32BWAA, Series A and B, Version 16.00 and prior
1766-L32BXB, Series A and B, Version 16.00 and prior
1766-L32BXBA, Series A and B, Version 16.00 and prior
1766-L32AWAA, Series A and B, Version 16.00 and prior

The original advisory is available at:

https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04

David Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc. and Ilya Karpov of Positive Technologies reported these vulnerabilities.

Impact:   A remote user can cause denial of service conditions.

A local user can obtain passwords on the target system.

A remote user can conduct brute force password guessing attacks.

A remote user conduct replay attacks.

Solution:   The vendor has issued a firmware fix (FRN 21.00 for 1400 Series B controllers), available at:

http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=1766-Lxx&crumb=112

Vendor URL:  compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=1766-Lxx&crumb=112 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents

Subject:  https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC