PT-2017-17981 · Rockwell Automation · Micrologix 1400+1
David Formby
+2
·
Published
2017-06-30
·
Updated
2019-10-03
·
CVE-2017-7898
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers versions 16.00 and prior
Rockwell Automation Allen-Bradley MicroLogix 1400 programmable logic controllers versions 16.00 and prior
Description
An issue with improper restriction of excessive authentication attempts was found, allowing for repeated entry of incorrect passwords without penalties.
Recommendations
For Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers versions 16.00 and prior, consider implementing additional authentication measures to restrict excessive login attempts until a patch is available.
For Rockwell Automation Allen-Bradley MicroLogix 1400 programmable logic controllers versions 16.00 and prior, consider implementing additional authentication measures to restrict excessive login attempts until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Restriction of Excessive Authentication Attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Micrologix 1100
Micrologix 1400