mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
269 lines
11 KiB
JSON
269 lines
11 KiB
JSON
{
|
|
"id": "CVE-2017-7903",
|
|
"sourceIdentifier": "ics-cert@hq.dhs.gov",
|
|
"published": "2017-06-30T03:29:00.860",
|
|
"lastModified": "2017-07-08T01:29:17.600",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected products use a numeric password with a small maximum character size for the password."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se detect\u00f3 un problema de Requisitos de Contrase\u00f1a D\u00e9biles en los controladores l\u00f3gicos programables MicroLogix 1100 1763-L16AWA, Series A y B, versi\u00f3n 16.00 y anteriores; 1763-L16BBB, Serie A y B, versi\u00f3n 16.00 y anteriores; 1763-L16BWA, Serie A y B, versi\u00f3n 16.00 y anteriores; y 1763-L16DWD, Series A y B, versi\u00f3n 16.00 y anteriores de Allen-Bradley en Rockwell Automation y controladores l\u00f3gicos programables MicroLogix 1400 1766-L32AWA, Series A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BWA, Serie A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BWAA, Serie A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BXB, Serie A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BXBA, Serie A y B, versi\u00f3n 16.00 y anteriores; y 1766-L32AWAA, Series A y B, versi\u00f3n 16.00 y anteriores de Allen-Bradley en Rockwell Automation. Los productos afectados usan una contrase\u00f1a num\u00e9rica con un peque\u00f1o tama\u00f1o m\u00e1ximo de caracteres para la contrase\u00f1a."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-326"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-521"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_a:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "E44D0CCE-EDA7-4DF2-B67B-C59DFAE7F888"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_b:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "58E4AB51-E136-4AA3-AFF9-50F240489856"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "6006CE1E-08EC-4AFC-8F35-73B24AA7F08D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "F52398D3-996E-4291-887F-6B8E0AF24AFF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "61603F24-7505-4A9E-BA9E-57C7B5A60A6E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "9558148B-3000-4D83-9AB0-380D7FBB0C9A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "C805AFD6-481C-4A32-9CE8-281F9B793263"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "DC9E1F42-4F17-4EA4-8D0F-30220F560A0E"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1100:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FA98842B-9D09-4C37-AB34-4E9FA566BAD8"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awa_series_a:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "8C8E3AF6-1017-4A18-99CA-854F1022ED66"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awa_series_b:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "A093AA8B-7DB9-4373-AE8F-F8B879A4BE5E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awaa_series_a:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "25DA9309-964B-4C1C-8B95-9C1CD80DDC74"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "6D51D3F6-ABB3-4FFD-81D5-B3D3C29F0A46"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "DC05C3A1-1042-46AD-83D8-765AF4C9BCD9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "6218A006-1F60-4E29-85CC-7D1BCBD7C734"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "6B863572-CECF-47DF-AF6F-C25F88200DBE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "59BEBB0E-8C6E-4663-9E0C-E755C2EF0041"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "1303D987-4A44-4F33-992E-0C7E683EC7A9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "1E7D8E09-D97D-45FF-9AD0-A9B0A846E600"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "9D9C64FB-A613-4940-86E6-95431B907159"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "16.000",
|
|
"matchCriteriaId": "B5C50D4A-EB32-4BE4-B9E6-D25494E2EF55"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1400:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FFF2EF59-F451-490D-A7AF-E66D11493948"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1038546",
|
|
"source": "ics-cert@hq.dhs.gov"
|
|
},
|
|
{
|
|
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04",
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory",
|
|
"US Government Resource"
|
|
]
|
|
}
|
|
]
|
|
} |