Vulnerability CVE-2016-9338


Published: 2017-02-13

Description:
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller.

Vendor: Rockwellautomation
Product: 1766-l32bxb series a 
Version: 15.004;
Product: 1766-l32bwa series b 
Version: 15.004;
Product: 1766-l32bxba series b 
Version: 15.004;
Product: 1766-l32awa series b 
Version: 15.004;
Product: 1766-l32bxba series a 
Version: 15.004;
Product: 1766-l32awaa series b 
Version: 15.004;
Product: 1766-l32awa series a 
Version: 15.004;
Product: 1766-l32bwaa series b 
Version: 15.004;
Product: 1766-l32awaa series a 
Version: 15.004;
Product: 1766-l32bwa series a 
Version: 15.004;
Product: 1766-l32bxb series b 
Version: 15.004;
Product: 1766-l32bwaa series a 
Version: 15.004;
Product: 1763-l16dwd series b 
Version: 14.000;
Product: 1763-l16bbb series a 
Version: 14.000;
Product: 1763-l16bwa series a 
Version: 14.000;
Product: 1763-l16awa series a 
Version: 14.000;
Product: 1763-l16dwd series a 
Version: 14.000;
Product: 1763-l16bwa series b 
Version: 14.000;
Product: 1763-l16awa series b 
Version: 14.000;
Product: 1763-l16bbb series b 
Version: 14.000;

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.securityfocus.com/bid/95302
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06

Related CVE
CVE-2018-19282
Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it ...
CVE-2019-6553
A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an atta...
CVE-2018-19016
Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial...
CVE-2013-2805
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect...
CVE-2010-5305
The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain ...
CVE-2013-2807
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the...
CVE-2013-2806
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the...
CVE-2018-18981
In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service c...

Copyright 2019, cxsecurity.com

 

Back to Top