Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_ROCKWELL_CVE-2017-7903.NASLHistoryFeb 07, 2022 - 12:00 a.m.
Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Weak Password Requirements (CVE-2017-7903)
2022-02-0700:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
rockwell automation
allen-bradley
weak password
micrologix 1100
micrologix 1400
cve-2017-7903
tenable.ot.
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.001
Percentile
24.2%
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable- logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions;
1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected products use a numeric password with a small maximum character size for the password.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500110);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");
script_cve_id("CVE-2017-7903");
script_xref(name:"ICSA", value:"17-115-04");
script_name(english:"Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Weak Password Requirements (CVE-2017-7903)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-
logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version
16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and
B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series
A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA,
Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions;
1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and
prior versions. The affected products use a numeric password with a small maximum character size for the password.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04");
script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id/1038546");
# https://www.rockwellautomation.com/en-us/support/advisory.PN967.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?51d5739f");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Rockwell Automation has released a new firmware version for the Allen-Bradley MicroLogix 1400 Series B controllers, FRN
21.00, to address the identified vulnerabilities. Rockwell Automation encourages users to apply the latest firmware
versions that address the identified vulnerabilities.
Rockwell Automationรขยยs new firmware version for the Allen-Bradley MicroLogix 1400 Series B controllers, FRN 21.00, is
available at the following location:
http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=1766-Lxx&crumb=112
There are no firmware versions to address these vulnerabilities in the Allen-Bradley MicroLogix 1100 or MicroLogix 1400
Series A controllers, but Rockwell Automation has offered some compensating controls. Rockwell Automation reports that
users can disable the web server on the Allen-Bradley MicroLogix 1100 and 1400 Series A controllers to protect against
the exploitation of the improper restriction of excessive authentication attempts and weak password requirements
vulnerabilities.
Rockwell Automation recommends that if it is not needed, users should consider disabling the web server to further
mitigate these threats.
- Disable the web server on the MicroLogix 1100 and 1400 controllers, if not needed, as it is enabled by default. See
Knowledge Base article: 732398 for detailed instructions on disabling the web server. The Web Server Tech Note, KB:
732398 รขยย How to Disable the Web Server in MicroLogix 1100 and 1400 is available at the following URL with a valid
account:
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/732398
- Set the mode to RUN via LCD soft keyswitch to prohibit any re-enabling of the web server while the keyswitch is in
this mode.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7903");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(326);
script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/30");
script_set_attribute(attribute:"patch_publication_date", value:"2017/06/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16bbb_series_a");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16bbb_series_b");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16dwd_series_a");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16bwa_series_b");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16awa_series_a");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16awa_series_b");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16bwa_series_a");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1763-l16dwd_series_b");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32awaa_series_a");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bwaa_series_b");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bwa_series_a");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32awaa_series_b");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bxba_series_a");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bwa_series_b");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32awa_series_a");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bxb_series_b");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bwaa_series_a");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bxba_series_b");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32bxb_series_a");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:1766-l32awa_series_b");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Rockwell");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Rockwell');
var asset = tenable_ot::assets::get(vendor:'Rockwell');
var vuln_cpes = {
"cpe:/a:rockwellautomation:1766-l32awaa_series_a" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
"cpe:/a:rockwellautomation:1766-l32awaa_series_b" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
"cpe:/a:rockwellautomation:1766-l32bxba_series_a" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
"cpe:/a:rockwellautomation:1763-l16bbb_series_a" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"},
"cpe:/a:rockwellautomation:1763-l16dwd_series_b" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"},
"cpe:/a:rockwellautomation:1763-l16dwd_series_a" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"},
"cpe:/a:rockwellautomation:1763-l16bwa_series_b" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"},
"cpe:/a:rockwellautomation:1766-l32bxb_series_a" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
"cpe:/a:rockwellautomation:1766-l32bwaa_series_a" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
"cpe:/a:rockwellautomation:1766-l32awa_series_b" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
"cpe:/a:rockwellautomation:1763-l16awa_series_a" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"},
"cpe:/a:rockwellautomation:1766-l32bwaa_series_b" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
"cpe:/a:rockwellautomation:1766-l32bwa_series_a" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
"cpe:/a:rockwellautomation:1766-l32bwa_series_b" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
"cpe:/a:rockwellautomation:1766-l32awa_series_a" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
"cpe:/a:rockwellautomation:1766-l32bxba_series_b" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
"cpe:/a:rockwellautomation:1766-l32bxb_series_b" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1400"},
"cpe:/a:rockwellautomation:1763-l16awa_series_b" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"},
"cpe:/a:rockwellautomation:1763-l16bbb_series_b" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"},
"cpe:/a:rockwellautomation:1763-l16bwa_series_a" :
{"versionEndIncluding" : "16.00", "family" : "MicroLogix1100"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);| Vendor | Product | Version | CPE |
|---|---|---|---|
| rockwellautomation | 1766-l32bxba_series_a | cpe:/a:rockwellautomation:1766-l32bxba_series_a | |
| rockwellautomation | 1766-l32bwaa_series_a | cpe:/a:rockwellautomation:1766-l32bwaa_series_a | |
| rockwellautomation | 1763-l16dwd_series_a | cpe:/a:rockwellautomation:1763-l16dwd_series_a | |
| rockwellautomation | 1766-l32bxba_series_b | cpe:/a:rockwellautomation:1766-l32bxba_series_b | |
| rockwellautomation | 1766-l32bwa_series_b | cpe:/a:rockwellautomation:1766-l32bwa_series_b | |
| rockwellautomation | 1766-l32awaa_series_b | cpe:/a:rockwellautomation:1766-l32awaa_series_b | |
| rockwellautomation | 1766-l32awa_series_b | cpe:/a:rockwellautomation:1766-l32awa_series_b | |
| rockwellautomation | 1763-l16dwd_series_b | cpe:/a:rockwellautomation:1763-l16dwd_series_b | |
| rockwellautomation | 1766-l32bxb_series_a | cpe:/a:rockwellautomation:1766-l32bxb_series_a | |
| rockwellautomation | 1766-l32bwaa_series_b | cpe:/a:rockwellautomation:1766-l32bwaa_series_b |
Related
ptsecurity
ptsecurity
nessus
nessus
Rockwellautomation 1763-l16awa Inadequate Encryption Strength
2019-11-08 00:00:00
prion
prion
Default credentials
2017-06-30 03:29:00
cvelist
cvelist
CVE-2017-7903
2017-06-30 02:35:00
nvd
nvd
CVE-2017-7903
2017-06-30 03:29:00
cve
cve
CVE-2017-7903
2017-06-30 03:29:00
ics
ics
Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400
2017-05-23 12:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.001
Percentile
24.2%
Related for TENABLE_OT_ROCKWELL_CVE-2017-7903.NASL