CVE-2017-7924

EPSS 9.95%
Published 20.09.2017 16:29:00
Last modified 20.04.2025 01:37:25
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Rockwellautomation ≫ 1763-l16bwa Firmware Version-

Rockwellautomation ≫ 1763-l16bwa Version-

Rockwellautomation ≫ 1763-l16awa Firmware Version-

Rockwellautomation ≫ 1763-l16awa Version-

Rockwellautomation ≫ 1763-l16bbb Firmware Version-

Rockwellautomation ≫ 1763-l16bbb Version-

Rockwellautomation ≫ 1763-l16dwd Firmware Version-

Rockwellautomation ≫ 1763-l16dwd Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	9.95%	0.922

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/99622

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-138-03

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2017-7924

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-7924

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-7924

EUVD