{ "id": "CVE-2017-7902", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2017-06-30T03:29:00.827", "lastModified": "2019-10-09T23:29:55.517", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "A \"Reusing a Nonce, Key Pair in Encryption\" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed." }, { "lang": "es", "value": "Se detect\u00f3 un problema de \"Reusing a Nonce, Key Pair in Encryption\" en los controladores de l\u00f3gica programable MicroLogix 1100 de Allen-Bradley 1763-L16AWA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1763-L16BBB, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1763-L16BWA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; y 1763-L16DWD, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores y Controladores l\u00f3gicos programables Allen-Bradley MicroLogix 1400 1766-L32AWA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1766-L32BWA, Series A y B, versi\u00f3n 16.00 y versiones anteriores; 1766-L32BWAA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1766-L32BXB, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1766-L32BXBA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; y 1766-L32AWAA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores. El producto afectado reutiliza nonces, lo que puede permitir que un atacante capture y reproduzca una solicitud v\u00e1lida hasta que se cambie el nonce." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-330" } ] }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-323" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_a:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "E44D0CCE-EDA7-4DF2-B67B-C59DFAE7F888" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_b:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "58E4AB51-E136-4AA3-AFF9-50F240489856" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "6006CE1E-08EC-4AFC-8F35-73B24AA7F08D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "F52398D3-996E-4291-887F-6B8E0AF24AFF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "61603F24-7505-4A9E-BA9E-57C7B5A60A6E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "9558148B-3000-4D83-9AB0-380D7FBB0C9A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "C805AFD6-481C-4A32-9CE8-281F9B793263" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "DC9E1F42-4F17-4EA4-8D0F-30220F560A0E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1100:*:*:*:*:*:*:*", "matchCriteriaId": "FA98842B-9D09-4C37-AB34-4E9FA566BAD8" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1766-l32awa_series_a:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "8C8E3AF6-1017-4A18-99CA-854F1022ED66" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1766-l32awa_series_b:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "A093AA8B-7DB9-4373-AE8F-F8B879A4BE5E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1766-l32awaa_series_a:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "25DA9309-964B-4C1C-8B95-9C1CD80DDC74" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "6D51D3F6-ABB3-4FFD-81D5-B3D3C29F0A46" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "DC05C3A1-1042-46AD-83D8-765AF4C9BCD9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "6218A006-1F60-4E29-85CC-7D1BCBD7C734" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "6B863572-CECF-47DF-AF6F-C25F88200DBE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "59BEBB0E-8C6E-4663-9E0C-E755C2EF0041" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "1303D987-4A44-4F33-992E-0C7E683EC7A9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "1E7D8E09-D97D-45FF-9AD0-A9B0A846E600" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "9D9C64FB-A613-4940-86E6-95431B907159" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b:*:*:*:*:*:*:*:*", "versionEndIncluding": "16.000", "matchCriteriaId": "B5C50D4A-EB32-4BE4-B9E6-D25494E2EF55" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1400:*:*:*:*:*:*:*", "matchCriteriaId": "FFF2EF59-F451-490D-A7AF-E66D11493948" } ] } ] } ], "references": [ { "url": "http://www.securitytracker.com/id/1038546", "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04", "source": "ics-cert@hq.dhs.gov", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ] } ] }