Published: 20/09/2017 Updated: 09/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 580

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An Improper Input Validation issue exists in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rockwellautomation 1763-l16bwa_firmware -
rockwellautomation 1763-l16awa_firmware -
rockwellautomation 1763-l16bbb_firmware -
rockwellautomation 1763-l16dwd_firmware -

A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition MicroLogix 1100 controllers are affected: 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DW ...

A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition. MicroLogix 1100 controllers are affected: 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. CVE-2017-7924 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned.

msf > use auxiliary/dos/scada/allen_bradley_pccc
msf auxiliary(allen_bradley_pccc) > show actions
    ...actions...
msf auxiliary(allen_bradley_pccc) > set ACTION < action-name >
msf auxiliary(allen_bradley_pccc) > show options
    ...show and set options...
msf auxiliary(allen_bradley_pccc) > run

A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition. MicroLogix 1100 controllers are affected: 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. CVE-2017-7924 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned.

msf > use auxiliary/dos/scada/allen_bradley_pccc
msf auxiliary(allen_bradley_pccc) > show actions
    ...actions...
msf auxiliary(allen_bradley_pccc) > set ACTION < action-name >
msf auxiliary(allen_bradley_pccc) > show options
    ...show and set options...
msf auxiliary(allen_bradley_pccc) > run

CWE-20 https://ics-cert.us-cert.gov/advisories/ICSA-17-138-03 http://www.securityfocus.com/bid/99622 https://nvd.nist.gov https://www.rapid7.com/db/modules/auxiliary/dos/scada/allen_bradley_pccc/

CVE-2017-7924

Vulnerability Summary

Vulnerability Trend

Exploits

Metasploit Modules

References

Vulmon Search

About

Products

Connect