Vulnerabilities > CVE-2017-7898 - Improper Restriction of Excessive Authentication Attempts vulnerability in Rockwellautomation products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

rockwellautomation

CWE-307

critical

NVD

Published: 2017-06-30

Updated: 2019-10-03

Summary

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. There are no penalties for repeatedly entering incorrect passwords.

Vulnerable Configurations

Part	Description	Count
Application	Rockwellautomation Rockwellautomation 1763 L16Awa Series A 14.000 Rockwellautomation 1763 L16Awa Series A 15.000 Rockwellautomation 1763 L16Awa Series A 16.000 Rockwellautomation 1763 L16Awa Series B 14.000 Rockwellautomation 1763 L16Awa Series B 15.000 Rockwellautomation 1763 L16Awa Series B 16.000 Rockwellautomation 1763 L16Bbb Series A 14.000 Rockwellautomation 1763 L16Bbb Series A 15.000 Rockwellautomation 1763 L16Bbb Series A 16.000 Rockwellautomation 1763 L16Bbb Series B 14.000 Rockwellautomation 1763 L16Bbb Series B 15.000 Rockwellautomation 1763 L16Bbb Series B 16.000 Rockwellautomation 1763 L16Bwa Series A 14.000 Rockwellautomation 1763 L16Bwa Series A 15.000 Rockwellautomation 1763 L16Bwa Series A 16.000 Rockwellautomation 1763 L16Bwa Series B 14.000 Rockwellautomation 1763 L16Bwa Series B 15.000 Rockwellautomation 1763 L16Bwa Series B 16.000 Rockwellautomation 1763 L16Dwd Series A 14.000 Rockwellautomation 1763 L16Dwd Series A 15.000 Rockwellautomation 1763 L16Dwd Series A 16.000 Rockwellautomation 1763 L16Dwd Series B 14.000 Rockwellautomation 1763 L16Dwd Series B 15.000 Rockwellautomation 1763 L16Dwd Series B 16.000 Rockwellautomation 1766 L32Awa Series A 15.004 Rockwellautomation 1766 L32Awa Series A 16.000 Rockwellautomation 1766 L32Awa Series B 15.004 Rockwellautomation 1766 L32Awa Series B 16.000 Rockwellautomation 1766 L32Awaa Series A 15.004 Rockwellautomation 1766 L32Awaa Series A 16.000 Rockwellautomation 1766 L32Awaa Series B 15.004 Rockwellautomation 1766 L32Awaa Series B 16.000 Rockwellautomation 1766 L32Bwa Series A 15.004 Rockwellautomation 1766 L32Bwa Series A 16.000 Rockwellautomation 1766 L32Bwa Series B 15.004 Rockwellautomation 1766 L32Bwa Series B 16.000 Rockwellautomation 1766 L32Bwaa Series A 15.004 Rockwellautomation 1766 L32Bwaa Series A 16.000 Rockwellautomation 1766 L32Bwaa Series B 15.004 Rockwellautomation 1766 L32Bwaa Series B 16.000 Rockwellautomation 1766 L32Bxb Series A 15.004 Rockwellautomation 1766 L32Bxb Series A 16.000 Rockwellautomation 1766 L32Bxb Series B 15.004 Rockwellautomation 1766 L32Bxb Series B 16.000 Rockwellautomation 1766 L32Bxba Series A 15.004 Rockwellautomation 1766 L32Bxba Series A 16.000 Rockwellautomation 1766 L32Bxba Series B 15.004 Rockwellautomation 1766 L32Bxba Series B 16.000	48
Hardware	Rockwellautomation Rockwellautomation AB Micrologix Controller 1100 Rockwellautomation AB Micrologix Controller 1400	2

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References