CVE-2016-9334
First published: Mon Feb 13 2017(Updated: )
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwell Automation 1763-L16AWA Series A | <=14.000 | |
| Rockwell Automation 1763-L16AWA Series B | <=14.000 | |
| Rockwell Automation 1763-L16BBB Series A | <=14.000 | |
| Rockwell Automation 1763-L16BBB Series B | <=14.000 | |
| Rockwell Automation 1763-L16BWA Series A | <=14.000 | |
| Rockwell Automation 1763-L16AWA Series B | <=14.000 | |
| Rockwell Automation 1763-L16DWD Series A | <=14.000 | |
| Rockwell Automation 1763-L16DWD Series B | <=14.000 | |
| Rockwell Automation 1766-L32AWA Series A | <=15.004 | |
| Rockwell Automation 1766-L32AWA Series B | <=15.004 | |
| Rockwell Automation 1766-L32AWAA Series A | <=15.004 | |
| Rockwell Automation 1766-L32AWAA Series B | <=15.004 | |
| Rockwell Automation 1766-L32BWA Series A | <=15.004 | |
| Rockwell Automation 1766-L32BWA Series B | <=15.004 | |
| Rockwell Automation 1766-L32BWAA Series A | <=15.004 | |
| Rockwell Automation 1766-L32BWAA Series A | <=15.004 | |
| Rockwell Automation 1766-L32BXB Series A | <=15.004 | |
| Rockwell Automation 1766-L32BXB Series B | <=15.004 | |
| Rockwell Automation 1766-L32BXBA Series A | <=15.004 | |
| Rockwell Automation 1766-L32BXBA Series B | <=15.004 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-9334?
The severity of CVE-2016-9334 is categorized as high due to potential exposure to remote code execution.
How do I fix CVE-2016-9334?
To fix CVE-2016-9334, upgrade your Rockwell Automation Allen-Bradley MicroLogix 1100 controller firmware to version 14.001 or later.
Which devices are affected by CVE-2016-9334?
CVE-2016-9334 affects various series of Rockwell Automation Allen-Bradley MicroLogix 1100 controllers, including models 1763-L16AWA, 1763-L16BBB, 1763-L16BWA, and 1763-L16DWD with version 14.000 or prior.
What type of vulnerability is CVE-2016-9334?
CVE-2016-9334 is a remote code execution vulnerability that can allow an attacker to execute arbitrary code on the affected controllers.
Is there a mitigation for CVE-2016-9334?
As a mitigation for CVE-2016-9334, it is recommended that users implement network segmentation and restrict access to the affected devices.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/rockwellautomation
- canonical/rockwell automation 1763-l16awa series a
- version/rockwell automation 1763-l16awa series a/14.000
- canonical/rockwell automation 1763-l16awa series b
- version/rockwell automation 1763-l16awa series b/14.000
- canonical/rockwell automation 1763-l16bbb series a
- version/rockwell automation 1763-l16bbb series a/14.000
- canonical/rockwell automation 1763-l16bbb series b
- version/rockwell automation 1763-l16bbb series b/14.000
- canonical/rockwell automation 1763-l16bwa series a
- version/rockwell automation 1763-l16bwa series a/14.000
- canonical/rockwell automation 1763-l16dwd series a
- version/rockwell automation 1763-l16dwd series a/14.000
- canonical/rockwell automation 1763-l16dwd series b
- version/rockwell automation 1763-l16dwd series b/14.000
- canonical/rockwell automation 1766-l32awa series a
- version/rockwell automation 1766-l32awa series a/15.004
- canonical/rockwell automation 1766-l32awa series b
- version/rockwell automation 1766-l32awa series b/15.004
- canonical/rockwell automation 1766-l32awaa series a
- version/rockwell automation 1766-l32awaa series a/15.004
- canonical/rockwell automation 1766-l32awaa series b
- version/rockwell automation 1766-l32awaa series b/15.004
- canonical/rockwell automation 1766-l32bwa series a
- version/rockwell automation 1766-l32bwa series a/15.004
- canonical/rockwell automation 1766-l32bwa series b
- version/rockwell automation 1766-l32bwa series b/15.004
- canonical/rockwell automation 1766-l32bwaa series a
- version/rockwell automation 1766-l32bwaa series a/15.004
- canonical/rockwell automation 1766-l32bxb series a
- version/rockwell automation 1766-l32bxb series a/15.004
- canonical/rockwell automation 1766-l32bxb series b
- version/rockwell automation 1766-l32bxb series b/15.004
- canonical/rockwell automation 1766-l32bxba series a
- version/rockwell automation 1766-l32bxba series a/15.004
- canonical/rockwell automation 1766-l32bxba series b
- version/rockwell automation 1766-l32bxba series b/15.004