Lucene search

[email protected]CVE-2017-16740

HistoryJan 09, 2018 - 9:29 p.m.

CVE-2017-16740

2018-01-0921:29:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2017-16740

buffer overflow

rockwell automation

micrologix 1400

remote code execution

nvd

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.3%

JSON

A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

CPENameOperatorVersion
rockwellautomation:1766-l32bxba_firmwarerockwellautomation 1766-l32bxba firmwarele21.002
rockwellautomation:1766-l32awa_firmwarerockwellautomation 1766-l32awa firmwarele21.002
rockwellautomation:1766-l32bxb_firmwarerockwellautomation 1766-l32bxb firmwarele21.002
rockwellautomation:1766-l32bwaa_firmwarerockwellautomation 1766-l32bwaa firmwarele21.002
rockwellautomation:1766-l32awaa_firmwarerockwellautomation 1766-l32awaa firmwarele21.002
rockwellautomation:1766-l32bwa_firmwarerockwellautomation 1766-l32bwa firmwarele21.002

CPE	Name	Operator	Version
rockwellautomation:1766-l32bxba_firmware	rockwellautomation 1766-l32bxba firmware	le	21.002
rockwellautomation:1766-l32awa_firmware	rockwellautomation 1766-l32awa firmware	le	21.002
rockwellautomation:1766-l32bxb_firmware	rockwellautomation 1766-l32bxb firmware	le	21.002
rockwellautomation:1766-l32bwaa_firmware	rockwellautomation 1766-l32bwaa firmware	le	21.002
rockwellautomation:1766-l32awaa_firmware	rockwellautomation 1766-l32awaa firmware	le	21.002
rockwellautomation:1766-l32bwa_firmware	rockwellautomation 1766-l32bwa firmware	le	21.002

References

www.securityfocus.com/bid/102474

ics-cert.us-cert.gov/advisories/ICSA-18-009-01

rockwellautomation.custhelp.com/app/answers/detail/a_id/1070883

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.3%

JSON

Related for CVE-2017-16740

cvelist1 prion1 ics1 nessus2