Lucene search
K

Rockwell Automation MicroLogix 1100 Controllers Improper Input Validation (CVE-2017-7924)

🗓️ 07 Feb 2022 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 40 Views

Rockwell Automation MicroLogix 1100 Controllers Improper Input Validatio

Related
Refs
Code
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500278);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/21");

  script_cve_id("CVE-2017-7924");
  script_xref(name:"ICSA", value:"17-138-03");

  script_name(english:"Rockwell Automation MicroLogix 1100 Controllers Improper Input Validation (CVE-2017-7924)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA,
1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted
Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the
controller to enter a DoS condition.  

This plugin only works with Tenable.ot. Please visit
https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-17-138-03");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/99622");
# https://www.rockwellautomation.com/en-us/support/advisory.PN977.html
# script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3800a05b");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Rockwell Automation recommends updating to the latest firmware revision of MicroLogix 1100 controllers, Version FRN 16.0
or later, which is available at the following location:

http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=1763&crumb=112

For more information on this vulnerability and more detailed mitigation instructions, please see Rockwell Automation’s
advisory at the following location:

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1047342

As well as Rockwell Automation’s security page:

http://www.rockwellautomation.com/security/overview.page

ICS-CERT and Rockwell Automation recommend that users take defensive measures to minimize the risk of exploitation of
this vulnerability. Specifically, users should:

- Block all traffic to EtherNet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by blocking
or restricting access to Port 2222/TCP and UDP and Port 44818/TCP and UDP using proper network infrastructure controls,
such as firewalls, UTM devices, or other security appliances. For more information on TCP/UDP ports used by Rockwell
Automation Products, see Rockwell Automation’s Knowledgebase Article ID 898270 which is available at the following
location:

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/898270

- Minimize network exposure for all control system devices and/or systems, and help confirm that they are not accessible
from the Internet.
- Locate control system networks and devices behind firewalls, and use best practices when isolating them from the
business network. The Common Plant-wide Ethernet (CPwE) guide provides recommendations for deploying a plant-wide
architecture: Industrial Firewalls within a CPwE Architecture
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may
have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as
secure as the connected devices.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7924");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/09/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:1763-l16bwa_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:1763-l16awa_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:1763-l16bbb_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:1763-l16dwd_firmware:-");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Rockwell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Rockwell');

var asset = tenable_ot::assets::get(vendor:'Rockwell');

var vuln_cpes = {
    "cpe:/o:rockwellautomation:1763-l16bwa_firmware:-" :
        {"family" : "MicroLogix1100"},
    "cpe:/o:rockwellautomation:1763-l16awa_firmware:-" :
        {"family" : "MicroLogix1100"},
    "cpe:/o:rockwellautomation:1763-l16bbb_firmware:-" :
        {"family" : "MicroLogix1100"},
    "cpe:/o:rockwellautomation:1763-l16dwd_firmware:-" :
        {"family" : "MicroLogix1100"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Apr 2026 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 25
CVSS 37.5
EPSS0.22182
40