PT-2017-17981 · Rockwell Automation · Micrologix 1400+1
David Formby
+2
·
Publicado
2017-06-30
·
Atualizado
2019-10-03
·
CVE-2017-7898
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers versions 16.00 and prior
Rockwell Automation Allen-Bradley MicroLogix 1400 programmable logic controllers versions 16.00 and prior
Description
An issue with improper restriction of excessive authentication attempts was found, allowing for repeated entry of incorrect passwords without penalties.
Recommendations
For Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers versions 16.00 and prior, consider implementing additional authentication measures to restrict excessive login attempts until a patch is available.
For Rockwell Automation Allen-Bradley MicroLogix 1400 programmable logic controllers versions 16.00 and prior, consider implementing additional authentication measures to restrict excessive login attempts until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Restriction of Excessive Authentication Attempts
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Micrologix 1100
Micrologix 1400