Vulnerability CVE-2017-7924


Published: 2017-09-20

Description:
An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Rockwellautomation -> 1763-l16dwd firmware 
Rockwellautomation -> 1763-l16bbb firmware 
Rockwellautomation -> 1763-l16bwa firmware 
Rockwellautomation -> 1763-l16awa firmware 

 References:
http://www.securityfocus.com/bid/99622
https://ics-cert.us-cert.gov/advisories/ICSA-17-138-03

Copyright 2022, cxsecurity.com

 

Back to Top