CVE-2017-7924

An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/99622	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-138-03	Mitigation Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:rockwellautomation:1763-l16bwa_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:1763-l16bwa:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:rockwellautomation:1763-l16awa_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:1763-l16awa:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:rockwellautomation:1763-l16bbb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:1763-l16bbb:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:rockwellautomation:1763-l16dwd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:1763-l16dwd:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-09-20 16:29

Updated : 2019-10-09 23:29

NVD link : CVE-2017-7924

Mitre link : CVE-2017-7924

CVE.ORG link : CVE-2017-7924

JSON object : View

Products Affected

rockwellautomation

1763-l16bbb
1763-l16bwa
1763-l16bbb_firmware
1763-l16awa
1763-l16dwd_firmware
1763-l16bwa_firmware
1763-l16dwd
1763-l16awa_firmware

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2017-7924", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-09-20T16:29:00.863", "references": [{"url": "http://www.securityfocus.com/bid/99622", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-138-03", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition."}, {"lang": "es", "value": "Se ha descubierto un problema de validaci\u00f3n de entrada incorrecta en los controladores Rockwell Automation MicroLogix 1100 1763-L16BWA, 1763-L16AWA, 1763-L16BBB y 1763-L16DWD. Un atacante remoto sin autenticar podr\u00eda enviar un \u00fanico paquete de tipo Programmable Controller Communication Commands (PCCC) manipulado al controlador que podr\u00eda provocar que el controlador entre en una denegaci\u00f3n de servicio."}], "lastModified": "2019-10-09T23:29:58.703", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:1763-l16bwa_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B607BEF4-2B20-4CF4-B023-F87F9082E5F9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:1763-l16bwa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D3F7B3DF-9701-4572-8F14-D23ADD480C11"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:1763-l16awa_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C0083DB-5493-4308-9E9D-C16EB031FCCD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:1763-l16awa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61086D54-3DF1-4EA4-97A6-6B87091FF9D4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:1763-l16bbb_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F295FFA-DB99-4C12-8557-8BFA1D9FFC8B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:1763-l16bbb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4285CA85-BA1D-4870-8125-49AEA64E9545"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:1763-l16dwd_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19E14833-6DDD-45ED-BA02-194183FC7586"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:1763-l16dwd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1D4F33C7-3449-409D-8F80-040F5277172A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}