PT-2015-3357 · Rockwell Automation · Micrologix 1100+1
Ilya Karpov · Published 2015-10-27 · Updated 2017-07-08
CVE-2017-7903
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Micrologix 1100 versions prior to 16.00
Micrologix 1400 versions prior to 16.00
Description
The issue stems from insufficiently secure password requirements: the affected products, which are programmable logic controllers, use numeric passwords with a small maximum character size. This could allow a remote attacker to bypass security restrictions.
Recommendations
For Micrologix 1100 versions prior to 16.00, consider changing the password to a stronger one with a larger character size to minimize the risk of exploitation.
For Micrologix 1400 versions prior to 16.00, consider changing the password to a stronger one with a larger character size to minimize the risk of exploitation.
As a temporary workaround, consider restricting access to the controllers until a patch is available.
Fix
Inadequate Encryption Strength
Related Identifiers
Affected Products
Micrologix 1100
Micrologix 1400