PT-2015-3356 · Rockwell Automation · MicroLogix 1100, MicroLogix 1400
Ilya Karpov · Published 2015-10-27 · Updated 2019-10-03
CVE-2017-7899
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Rockwell Automation Allen-Bradley MicroLogix 1100 programmable logic controllers, versions 16.00 and prior
Rockwell Automation Allen-Bradley MicroLogix 1400 programmable logic controllers, versions 16.00 and prior
Description
An information exposure issue was discovered: the controller's web interface transmits user credentials in the query string of HTTP GET requests. Because request URLs are routinely written to web server and proxy logs and kept in browser history, the credentials may be logged and later retrieved by parties who were never authorized to see them, potentially allowing a remote attacker to obtain user credentials.
Recommendations
For Rockwell Automation Allen-Bradley MicroLogix 1100 programmable logic controllers, versions 16.00 and prior: consider disabling the HTTP GET method for transmitting user credentials until a patch is available.
For Rockwell Automation Allen-Bradley MicroLogix 1400 programmable logic controllers, versions 16.00 and prior: consider disabling the HTTP GET method for transmitting user credentials until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
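The description above explains why GET-transmitted credentials are a problem: the full request line, query string included, ends up in access logs. While the fix is unavailable, a defender can at least detect which logs already contain such requests and redact them before the logs are retained or shipped to a SIEM. The following is an added example, not code from the advisory or from Rockwell Automation; the log format (Common Log Format), the list of credential-like parameter names, and every sample log line are constructed assumptions. It generalizes slightly beyond the advisory by flagging credential-bearing query strings on any HTTP method, since the request line is logged regardless of method.

```python
# Added example (not from the advisory or Rockwell Automation): scan web-server
# access-log lines for requests whose query string carries credential-like
# parameters, the exposure pattern CVE-2017-7899 describes, and produce a
# redacted copy of the request target. Log format, parameter names and all
# sample lines are constructed assumptions.
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Parameter names treated as credential-bearing (assumption; extend per deployment).
CREDENTIAL_PARAMS = {"user", "username", "login", "pass", "password", "pwd", "passwd"}

# Common Log Format: host ident authuser [time] "METHOD target HTTP/x.y" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)

# Constructed sample log; no real device or user is represented.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Oct/2015:10:15:01 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.10 - - [27/Oct/2015:10:15:07 +0000] "GET /login?user=operator&pwd=s3cret HTTP/1.1" 302 0
192.0.2.11 - - [27/Oct/2015:10:16:30 +0000] "POST /login HTTP/1.1" 302 0
192.0.2.12 - - [27/Oct/2015:10:17:02 +0000] "GET /status?page=1 HTTP/1.1" 200 2048
"""


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_credential_params(target):
    """Return the sorted names of credential-like parameters in a request target's query."""
    query = urlsplit(target).query
    return sorted({k for k, _ in parse_qsl(query, keep_blank_values=True)
                   if k.lower() in CREDENTIAL_PARAMS})


def redact_target(target):
    """Return the target with credential-like parameter values replaced by REDACTED."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [(k, "REDACTED" if k.lower() in CREDENTIAL_PARAMS else v) for k, v in pairs]
    return parts._replace(query=urlencode(cleaned)).geturl()


def scan_log(text):
    """Return one finding per log line whose query string carries credential-like parameters."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; a real pipeline would count these separately
        params = find_credential_params(rec["target"])
        if params:
            findings.append({
                "host": rec["host"],
                "time": rec["time"],
                "method": rec["method"],
                "params": params,
                "redacted": redact_target(rec["target"]),
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['host']} {f['method']} exposed {f['params']} -> {f['redacted']}")
```

Run against the constructed sample, the scanner reports the single line that carries `user` and `pwd` in its query string and shows the redacted request target; the POST login and the plain status request are not flagged. Pointing the same logic at real access logs (or a log forwarder's filter stage) tells you whether the exposure has already been recorded and lets you strip the values before retention.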
Information Disclosure
Affected Products
Micrologix 1100
Micrologix 1400