Lucene search

[email protected]CVE-2017-7914

HistoryJun 14, 2017 - 9:29 p.m.

CVE-2017-7914

2017-06-1421:29:00

CWE-882

CWE-862

[email protected]

web.nvd.nist.gov

cve-2017-7914

missing authorization

rockwell automation

panelview

remote access

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

8.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.3%

JSON

A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429, 7.00-20140621, 7.00-20140729, 7.00-20141022, 8.00-20140730, and 8.00-20141023. There is no authorization check when connecting to the device, allowing an attacker remote access.

Affected configurations

NVD

Node

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch6.00-20140306

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch6.00.04

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch6.00.05

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch6.00.42

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch6.10-20140122

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch6.10.20121012

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch7.00-20121012

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch7.00-20130108

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch7.00-20130325

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch7.00-20130619

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch7.00-20140128

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch7.00-20140310

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch7.00-20140429

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch7.00-20140621

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch7.00-20140729

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch7.00-20141022

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch8.00-20140730

rockwellautomationpanelview_plus_6_700-1500_firmwareMatch8.00-20141023

AND

rockwellautomationpanelview_plus_6_700-1500Match-

CPENameOperatorVersion
rockwellautomation:panelview_plus_6_700-1500_firmwarerockwellautomation panelview plus 6 700-1500 firmwareeq6.00-20140306
rockwellautomation:panelview_plus_6_700-1500_firmwarerockwellautomation panelview plus 6 700-1500 firmwareeq6.00.04
rockwellautomation:panelview_plus_6_700-1500_firmwarerockwellautomation panelview plus 6 700-1500 firmwareeq6.00.05
rockwellautomation:panelview_plus_6_700-1500_firmwarerockwellautomation panelview plus 6 700-1500 firmwareeq6.00.42
rockwellautomation:panelview_plus_6_700-1500_firmwarerockwellautomation panelview plus 6 700-1500 firmwareeq6.10-20140122
rockwellautomation:panelview_plus_6_700-1500_firmwarerockwellautomation panelview plus 6 700-1500 firmwareeq6.10.20121012
rockwellautomation:panelview_plus_6_700-1500_firmwarerockwellautomation panelview plus 6 700-1500 firmwareeq7.00-20121012
rockwellautomation:panelview_plus_6_700-1500_firmwarerockwellautomation panelview plus 6 700-1500 firmwareeq7.00-20130108
rockwellautomation:panelview_plus_6_700-1500_firmwarerockwellautomation panelview plus 6 700-1500 firmwareeq7.00-20130325
rockwellautomation:panelview_plus_6_700-1500_firmwarerockwellautomation panelview plus 6 700-1500 firmwareeq7.00-20130619

CPE	Name	Operator	Version
rockwellautomation:panelview_plus_6_700-1500_firmware	rockwellautomation panelview plus 6 700-1500 firmware	eq	6.00-20140306
rockwellautomation:panelview_plus_6_700-1500_firmware	rockwellautomation panelview plus 6 700-1500 firmware	eq	6.00.04
rockwellautomation:panelview_plus_6_700-1500_firmware	rockwellautomation panelview plus 6 700-1500 firmware	eq	6.00.05
rockwellautomation:panelview_plus_6_700-1500_firmware	rockwellautomation panelview plus 6 700-1500 firmware	eq	6.00.42
rockwellautomation:panelview_plus_6_700-1500_firmware	rockwellautomation panelview plus 6 700-1500 firmware	eq	6.10-20140122
rockwellautomation:panelview_plus_6_700-1500_firmware	rockwellautomation panelview plus 6 700-1500 firmware	eq	6.10.20121012
rockwellautomation:panelview_plus_6_700-1500_firmware	rockwellautomation panelview plus 6 700-1500 firmware	eq	7.00-20121012
rockwellautomation:panelview_plus_6_700-1500_firmware	rockwellautomation panelview plus 6 700-1500 firmware	eq	7.00-20130108
rockwellautomation:panelview_plus_6_700-1500_firmware	rockwellautomation panelview plus 6 700-1500 firmware	eq	7.00-20130325
rockwellautomation:panelview_plus_6_700-1500_firmware	rockwellautomation panelview plus 6 700-1500 firmware	eq	7.00-20130619

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "Rockwell Automation PanelView Plus 6 700-1500",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Rockwell Automation PanelView Plus 6 700-1500"
      }
    ]
  }
]

References

ics-cert.us-cert.gov/advisories/ICSA-17-157-01

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

8.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.3%

JSON

Related for CVE-2017-7914

prion1 ics1 cvelist1 nessus2 nvd1