Detections
Analytics
Rockwell Automation/Allen-Bradley MicroLogix 1100 Controllers Denial of Service (ICSA-17-138-03)
high Nessus Network Monitor Plugin ID 720131
Synopsis
An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers that could allow a denial of service condition.Description
An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition.Solution
Perform vendor recommended mitigations and apply available vendor upgrades.See Also
https://ics-cert.us-cert.gov/advisories/ICSA-17-138-03,http://www.securityfocus.com/bid/99622
Plugin Details
Severity: High
ID: 720131
Family: SCADA
Published: 5/8/2019
Updated: 9/30/2019
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Patch Publication Date: 7/18/2017
Vulnerability Publication Date: 7/18/2017
Reference Information
CVE: CVE-2017-7924
BID: 99622