nessus
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
TENABLE_OT_ROCKWELL_CVE-2017-7901.NASL
History: Feb 07, 2022 - 12:00 a.m.

Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Predictable Value Range From Previous Values (CVE-2017-7901)

2022-02-07 00:00:00
www.tenable.com
Tags: rockwell automation, allen-bradley, micrologix 1100, micrologix 1400, predictable value range, tcp sequence numbers, cve-2017-7901, denial of service, tenable.ot, attack_prediction

CVSS2: 9
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS3: 8.6
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score: 8.4
Confidence: High

EPSS: 0
Percentile: 15.7%

A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. Insufficiently random TCP initial sequence numbers are generated, which may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections, resulting in a denial of service for the target device.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500082);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");

  script_cve_id("CVE-2017-7901");
  script_xref(name:"ICSA", value:"17-115-04");

  script_name(english:"Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Predictable Value Range From Previous Values (CVE-2017-7901)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100
programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and
B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD,
Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers
1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior
versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and
prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B,
Version 16.00 and prior versions. Insufficiently random TCP initial sequence numbers are generated, which may allow an
attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections,
resulting in a denial of service for the target device. 

This plugin only works with Tenable.ot. Please visit
https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04");
  script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id/1038546");
  # https://www.rockwellautomation.com/en-us/support/advisory.PN967.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?51d5739f");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Rockwell Automation has released a new firmware version for the Allen-Bradley MicroLogix 1400 Series B controllers, FRN
21.00, to address the identified vulnerabilities. Rockwell Automation encourages users to apply the latest firmware
versions that address the identified vulnerabilities.

Rockwell Automation's new firmware version for the Allen-Bradley MicroLogix 1400 Series B controllers, FRN 21.00, is
available at the following location:

http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=1766-Lxx&crumb=112

There are no firmware versions to address these vulnerabilities in the Allen-Bradley MicroLogix 1100 or MicroLogix 1400
Series A controllers, but Rockwell Automation has offered some compensating controls. Rockwell Automation reports that
users can disable the web server on the Allen-Bradley MicroLogix 1100 and 1400 Series A controllers to protect against
the exploitation of the improper restriction of excessive authentication attempts and weak password requirements
vulnerabilities.

Rockwell Automation recommends that if it is not needed, users should consider disabling the web server to further
mitigate these threats.

- Disable the web server on the MicroLogix 1100 and 1400 controllers, if not needed, as it is enabled by default. See
Knowledge Base article: 732398 for detailed instructions on disabling the web server. The Web Server Tech Note, KB:
732398 - How to Disable the Web Server in MicroLogix 1100 and 1400 is available at the following URL with a valid
account:

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/732398

- Set the mode to RUN via LCD soft keyswitch to prohibit any re-enabling of the web server while the keyswitch is in
this mode.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7901");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(330);

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/06/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16dwd_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16bbb_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16bbb_series_b");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16bwa_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16dwd_series_b");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16bwa_series_b");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16awa_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16awa_series_b");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32awaa_series_b");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bxba_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bwa_series_b");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32awa_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bxba_series_b");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bxb_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32awa_series_b");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32awaa_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bwaa_series_b");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bwa_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bxb_series_b");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bwaa_series_a");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Rockwell");

  exit(0);
}

include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Rockwell');

var asset = tenable_ot::assets::get(vendor:'Rockwell');

var vuln_cpes = {
    "cpe:/a:rockwellautomation:1766-l32awaa_series_a" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
    "cpe:/a:rockwellautomation:1766-l32awaa_series_b" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
    "cpe:/a:rockwellautomation:1766-l32bxba_series_a" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
    "cpe:/a:rockwellautomation:1763-l16bbb_series_a" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"},
    "cpe:/a:rockwellautomation:1763-l16dwd_series_b" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"},
    "cpe:/a:rockwellautomation:1763-l16dwd_series_a" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"},
    "cpe:/a:rockwellautomation:1763-l16bwa_series_b" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"},
    "cpe:/a:rockwellautomation:1766-l32bxb_series_a" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
    "cpe:/a:rockwellautomation:1766-l32bwaa_series_a" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
    "cpe:/a:rockwellautomation:1766-l32awa_series_b" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
    "cpe:/a:rockwellautomation:1763-l16awa_series_a" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"},
    "cpe:/a:rockwellautomation:1766-l32bwaa_series_b" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
    "cpe:/a:rockwellautomation:1766-l32bwa_series_a" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
    "cpe:/a:rockwellautomation:1766-l32bwa_series_b" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
    "cpe:/a:rockwellautomation:1766-l32awa_series_a" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
    "cpe:/a:rockwellautomation:1766-l32bxba_series_b" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
    "cpe:/a:rockwellautomation:1766-l32bxb_series_b" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
    "cpe:/a:rockwellautomation:1763-l16awa_series_b" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"},
    "cpe:/a:rockwellautomation:1763-l16bbb_series_b" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"},
    "cpe:/a:rockwellautomation:1763-l16bwa_series_a" :
        {"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
