| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| Rockwell Automation/Allen-Bradley MicroLogix 1100 Controllers Denial of Service (ICSA-17-138-03) | 8 May 201900:00 | – | nessus | |
| Rockwellautomation 1763-l16bwa Improper Input Validation | 8 Nov 201900:00 | – | nessus | |
| CVE-2017-7924 | 1 Feb 201921:29 | – | circl | |
| Rockwell Automation MicroLogix 1100 Denial of Service Vulnerability | 26 Jul 201700:00 | – | cnvd | |
| Rockwell Automation MicroLogix 1100 Denial of Service (CVE-2017-7924) | 24 Mar 201900:00 | – | checkpoint_advisories | |
| CVE-2017-7924 | 20 Sep 201716:00 | – | cve | |
| CVE-2017-7924 | 20 Sep 201716:00 | – | cvelist | |
| EUVD-2017-16895 | 7 Oct 202500:30 | – | euvd | |
| Rockwell Automation MicroLogix 1100 Controllers | 18 May 201700:00 | – | ics | |
| DoS Exploitation of Allen-Bradley's Legacy Protocol (PCCC) | 18 Dec 201816:49 | – | metasploit |
| Source | Link |
|---|---|
| ics-cert | www.ics-cert.us-cert.gov/advisories/ICSA-17-138-03 |
| securityfocus | www.securityfocus.com/bid/99622 |
| nessus | www.nessus.org/u |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500278);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/21");
script_cve_id("CVE-2017-7924");
script_xref(name:"ICSA", value:"17-138-03");
script_name(english:"Rockwell Automation MicroLogix 1100 Controllers Improper Input Validation (CVE-2017-7924)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA,
1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted
Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the
controller to enter a DoS condition.
This plugin only works with Tenable.ot. Please visit
https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-17-138-03");
script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/99622");
# https://www.rockwellautomation.com/en-us/support/advisory.PN977.html
# script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3800a05b");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Rockwell Automation recommends updating to the latest firmware revision of MicroLogix 1100 controllers, Version FRN 16.0
or later, which is available at the following location:
http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=1763&crumb=112
For more information on this vulnerability and more detailed mitigation instructions, please see Rockwell Automationâs
advisory at the following location:
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1047342
As well as Rockwell Automationâs security page:
http://www.rockwellautomation.com/security/overview.page
ICS-CERT and Rockwell Automation recommend that users take defensive measures to minimize the risk of exploitation of
this vulnerability. Specifically, users should:
- Block all traffic to EtherNet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by blocking
or restricting access to Port 2222/TCP and UDP and Port 44818/TCP and UDP using proper network infrastructure controls,
such as firewalls, UTM devices, or other security appliances. For more information on TCP/UDP ports used by Rockwell
Automation Products, see Rockwell Automationâs Knowledgebase Article ID 898270 which is available at the following
location:
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/898270
- Minimize network exposure for all control system devices and/or systems, and help confirm that they are not accessible
from the Internet.
- Locate control system networks and devices behind firewalls, and use best practices when isolating them from the
business network. The Common Plant-wide Ethernet (CPwE) guide provides recommendations for deploying a plant-wide
architecture: Industrial Firewalls within a CPwE Architecture
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may
have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as
secure as the connected devices.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7924");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20);
script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/20");
script_set_attribute(attribute:"patch_publication_date", value:"2017/09/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:1763-l16bwa_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:1763-l16awa_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:1763-l16bbb_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:1763-l16dwd_firmware:-");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Rockwell");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Rockwell');
var asset = tenable_ot::assets::get(vendor:'Rockwell');
var vuln_cpes = {
"cpe:/o:rockwellautomation:1763-l16bwa_firmware:-" :
{"family" : "MicroLogix1100"},
"cpe:/o:rockwellautomation:1763-l16awa_firmware:-" :
{"family" : "MicroLogix1100"},
"cpe:/o:rockwellautomation:1763-l16bbb_firmware:-" :
{"family" : "MicroLogix1100"},
"cpe:/o:rockwellautomation:1763-l16dwd_firmware:-" :
{"family" : "MicroLogix1100"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation