PT-2017-17982 · Rockwell Automation · Micrologix 1400+1
Published: 2017-06-30 · Updated: 2024-10-21 · CVE-2017-7901
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions
Rockwell Automation Allen-Bradley MicroLogix 1100 programmable logic controllers versions 16.00 and prior
Rockwell Automation Allen-Bradley MicroLogix 1400 programmable logic controllers versions 16.00 and prior
Description
The affected controllers generate insufficiently random TCP initial sequence numbers (a Predictable Value Range from Previous Values issue). This may allow an attacker to predict the numbers from previous values, potentially enabling them to spoof or disrupt TCP connections and resulting in a denial of service for the target device.
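As an added example (not part of the original advisory or vendor material), the following check can be run over initial sequence numbers taken from SYN-ACKs of your own device, for instance before and after a firmware update. The advisory does not say how the affected firmware generates its sequence numbers, so the script assumes the simplest case of a near-constant increment; the function names, tolerance and sample values are constructed for illustration.

```python
import random
from collections import Counter
from math import log2

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

def isn_deltas(isns):
    """Differences between consecutive ISNs, modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]

def predictable_fraction(isns, tolerance=4096):
    """Fraction of ISNs within `tolerance` of the guess
    'previous ISN + previous delta' (linear extrapolation)."""
    deltas = isn_deltas(isns)
    if len(deltas) < 2:
        raise ValueError("need at least three ISN samples")
    hits = 0
    for prev, cur in zip(deltas, deltas[1:]):
        err = (cur - prev) % MOD
        err = min(err, MOD - err)  # circular distance on the 32-bit ring
        hits += err <= tolerance
    return hits / (len(deltas) - 1)

def delta_entropy_bits(isns, bucket=4096):
    """Shannon entropy (bits) of bucketed deltas; 0 means one fixed step."""
    buckets = Counter(d // bucket for d in isn_deltas(isns))
    n = sum(buckets.values())
    return -sum(c / n * log2(c / n) for c in buckets.values())

def assess(isns, tolerance=4096, threshold=0.5):
    """Summarise a sample set; only the constant-increment pattern is tested."""
    frac = predictable_fraction(isns, tolerance)
    return {"predictable_fraction": frac,
            "delta_entropy_bits": delta_entropy_bits(isns, tolerance),
            "verdict": "predictable" if frac >= threshold else "no simple pattern"}

# Constructed samples (not captured from any real device):
# a counter advancing by a near-constant step, including a 32-bit wrap ...
WEAK_ISNS = [(0xFFFE0000 + i * 64000 + (i % 3)) % MOD for i in range(12)]
# ... and fixed-seed PRNG output standing in for a well-randomised stack.
_rng = random.Random(1234)
STRONG_ISNS = [_rng.randrange(MOD) for _ in range(12)]

if __name__ == "__main__":
    print(assess(WEAK_ISNS))
    print(assess(STRONG_ISNS))
```

A "no simple pattern" verdict only rules out the linear case tested here; it is not evidence that a generator is cryptographically sound.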
Recommendations
For Rockwell Automation Allen-Bradley MicroLogix 1100 programmable logic controllers versions 16.00 and prior, update to a version later than 16.00 to resolve the issue.
For Rockwell Automation Allen-Bradley MicroLogix 1400 programmable logic controllers versions 16.00 and prior, update to a version later than 16.00 to resolve the issue.
Fix
DoS
Use of Insufficiently Random Values
Related Identifiers
Affected Products
Micrologix 1100
Micrologix 1400