CVE-2017-7899: Infoleak
First published: Fri Jun 30 2017(Updated: )
An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. User credentials are sent to the web server using the HTTP GET method, which may result in the credentials being logged. This could make user credentials available for unauthorized retrieval.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwell Automation 1763-L16AWA Series A | <=16.000 | |
| Rockwell Automation 1763-L16AWA Series B | <=16.000 | |
| Rockwell Automation 1763-L16BBB Series A | <=16.000 | |
| Rockwell Automation 1763-L16BBB Series B | <=16.000 | |
| Rockwell Automation 1763-L16BWA Series A | <=16.000 | |
| Rockwell Automation 1763-L16AWA Series B | <=16.000 | |
| Rockwell Automation 1763-L16DWD Series A | <=16.000 | |
| Rockwell Automation 1763-L16DWD Series B | <=16.000 | |
| Rockwell Automation MicroLogix | =1100 | |
| Rockwell Automation 1766-L32AWA Series A | <=16.000 | |
| Rockwell Automation 1766-L32AWA Series B | <=16.000 | |
| Rockwell Automation 1766-L32AWAA Series A | <=16.000 | |
| Rockwell Automation 1766-L32AWAA Series B | <=16.000 | |
| Rockwell Automation 1766-L32BWA Series A | <=16.000 | |
| Rockwell Automation 1766-L32BWA Series B | <=16.000 | |
| Rockwell Automation 1766-L32BWAA Series A | <=16.000 | |
| Rockwell Automation 1766-L32BWAA Series A | <=16.000 | |
| Rockwell Automation 1766-L32BXB Series A | <=16.000 | |
| Rockwell Automation 1766-L32BXB Series B | <=16.000 | |
| Rockwell Automation 1766-L32BXBA Series A | <=16.000 | |
| Rockwell Automation 1766-L32BXBA Series B | <=16.000 | |
| Rockwell Automation MicroLogix | =1400 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7899?
CVE-2017-7899 is classified with a medium severity level due to information exposure risks.
How do I fix CVE-2017-7899?
To mitigate CVE-2017-7899, update the affected Rockwell Automation Allen-Bradley MicroLogix controllers to the latest firmware version.
Which versions of Rockwell Automation products are affected by CVE-2017-7899?
CVE-2017-7899 affects Rockwell Automation Allen-Bradley MicroLogix 1100 controllers running Version 16.00 and prior.
What kind of exposure does CVE-2017-7899 present?
CVE-2017-7899 presents an information exposure issue that could allow unauthorized access to sensitive data.
What should I do if I'm running an affected version related to CVE-2017-7899?
If you are running an affected version, it is critical to apply the updates provided by Rockwell Automation to prevent unauthorized information access.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/rockwellautomation
- canonical/rockwell automation 1763-l16awa series a
- version/rockwell automation 1763-l16awa series a/16.000
- canonical/rockwell automation 1763-l16awa series b
- version/rockwell automation 1763-l16awa series b/16.000
- canonical/rockwell automation 1763-l16bbb series a
- version/rockwell automation 1763-l16bbb series a/16.000
- canonical/rockwell automation 1763-l16bbb series b
- version/rockwell automation 1763-l16bbb series b/16.000
- canonical/rockwell automation 1763-l16bwa series a
- version/rockwell automation 1763-l16bwa series a/16.000
- canonical/rockwell automation 1763-l16dwd series a
- version/rockwell automation 1763-l16dwd series a/16.000
- canonical/rockwell automation 1763-l16dwd series b
- version/rockwell automation 1763-l16dwd series b/16.000
- canonical/rockwell automation micrologix
- version/rockwell automation micrologix/1100
- canonical/rockwell automation 1766-l32awa series a
- version/rockwell automation 1766-l32awa series a/16.000
- canonical/rockwell automation 1766-l32awa series b
- version/rockwell automation 1766-l32awa series b/16.000
- canonical/rockwell automation 1766-l32awaa series a
- version/rockwell automation 1766-l32awaa series a/16.000
- canonical/rockwell automation 1766-l32awaa series b
- version/rockwell automation 1766-l32awaa series b/16.000
- canonical/rockwell automation 1766-l32bwa series a
- version/rockwell automation 1766-l32bwa series a/16.000
- canonical/rockwell automation 1766-l32bwa series b
- version/rockwell automation 1766-l32bwa series b/16.000
- canonical/rockwell automation 1766-l32bwaa series a
- version/rockwell automation 1766-l32bwaa series a/16.000
- canonical/rockwell automation 1766-l32bxb series a
- version/rockwell automation 1766-l32bxb series a/16.000
- canonical/rockwell automation 1766-l32bxb series b
- version/rockwell automation 1766-l32bxb series b/16.000
- canonical/rockwell automation 1766-l32bxba series a
- version/rockwell automation 1766-l32bxba series a/16.000
- canonical/rockwell automation 1766-l32bxba series b
- version/rockwell automation 1766-l32bxba series b/16.000
- version/rockwell automation micrologix/1400