9.8
CVE-2017-7898
- EPSS 1.14%
- Published 30.06.2017 03:29:00
- Last modified 20.04.2025 01:37:25
- Source ics-cert@hq.dhs.gov
- Teams watchlist Login
- Open Login
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. There are no penalties for repeatedly entering incorrect passwords.
Data is provided by the National Vulnerability Database (NVD)
Rockwellautomation ≫ 1763-l16awa Series A Version <= 16.000
Rockwellautomation ≫ 1763-l16awa Series B Version <= 16.000
Rockwellautomation ≫ 1763-l16bbb Series A Version <= 16.000
Rockwellautomation ≫ 1763-l16bbb Series B Version <= 16.000
Rockwellautomation ≫ 1763-l16bwa Series A Version <= 16.000
Rockwellautomation ≫ 1763-l16bwa Series B Version <= 16.000
Rockwellautomation ≫ 1763-l16dwd Series A Version <= 16.000
Rockwellautomation ≫ 1763-l16dwd Series B Version <= 16.000
Rockwellautomation ≫ 1766-l32awa Series A Version <= 16.000
Rockwellautomation ≫ 1766-l32awa Series B Version <= 16.000
Rockwellautomation ≫ 1766-l32awaa Series A Version <= 16.000
Rockwellautomation ≫ 1766-l32awaa Series B Version <= 16.000
Rockwellautomation ≫ 1766-l32bwa Series A Version <= 16.000
Rockwellautomation ≫ 1766-l32bwa Series B Version <= 16.000
Rockwellautomation ≫ 1766-l32bwaa Series A Version <= 16.000
Rockwellautomation ≫ 1766-l32bwaa Series B Version <= 16.000
Rockwellautomation ≫ 1766-l32bxb Series A Version <= 16.000
Rockwellautomation ≫ 1766-l32bxb Series B Version <= 16.000
Rockwellautomation ≫ 1766-l32bxba Series A Version <= 16.000
Rockwellautomation ≫ 1766-l32bxba Series B Version <= 16.000
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.14% | 0.765 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.