CVE-2017-7924

EPSS 9.95%
Veröffentlicht 20.09.2017 16:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ 1763-l16bwa Firmware Version-

Rockwellautomation ≫ 1763-l16bwa Version-

Rockwellautomation ≫ 1763-l16awa Firmware Version-

Rockwellautomation ≫ 1763-l16awa Version-

Rockwellautomation ≫ 1763-l16bbb Firmware Version-

Rockwellautomation ≫ 1763-l16bbb Version-

Rockwellautomation ≫ 1763-l16dwd Firmware Version-

Rockwellautomation ≫ 1763-l16dwd Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.95%	0.922

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/99622

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-138-03

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2017-7924

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-7924

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-7924

EUVD