CVE-2017-7899

{"id": "CVE-2017-7899", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-06-30T03:29:00.733", "references": [{"url": "http://www.securitytracker.com/id/1038546", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. User credentials are sent to the web server using the HTTP GET method, which may result in the credentials being logged. This could make user credentials available for unauthorized retrieval."}, {"lang": "es", "value": "Se detect\u00f3 un problema de Exposici\u00f3n de Informaci\u00f3n en los controladores l\u00f3gicos programables MicroLogix 1100 1763-L16AWA, Series A y B, versi\u00f3n 16.00 y anteriores; 1763-L16BBB, Serie A y B, versi\u00f3n 16.00 y anteriores; 1763-L16BWA, Serie A y B, versi\u00f3n 16.00 y anteriores; y 1763-L16DWD, Series A y B, versi\u00f3n 16.00 y anteriores de Allen-Bradley en Rockwell Automation y controladores l\u00f3gicos programables MicroLogix 1400 1766-L32AWA, Series A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BWA, Serie A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BWAA, Serie A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BXB, Serie A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BXBA, Serie A y B, versi\u00f3n 16.00 y anteriores; y 1766-L32AWAA, Series A y B, versi\u00f3n 16.00 y anteriores de Allen-Bradley en Rockwell Automation. Las credenciales de usuario se env\u00edan al servidor web mediante el m\u00e9todo GET HTTP, lo que puede resultar en que se registren las credenciales. Esto podr\u00eda hacer que las credenciales de usuario est\u00e9n disponibles para una recuperaci\u00f3n no autorizada."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E44D0CCE-EDA7-4DF2-B67B-C59DFAE7F888", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58E4AB51-E136-4AA3-AFF9-50F240489856", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6006CE1E-08EC-4AFC-8F35-73B24AA7F08D", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F52398D3-996E-4291-887F-6B8E0AF24AFF", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61603F24-7505-4A9E-BA9E-57C7B5A60A6E", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9558148B-3000-4D83-9AB0-380D7FBB0C9A", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C805AFD6-481C-4A32-9CE8-281F9B793263", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC9E1F42-4F17-4EA4-8D0F-30220F560A0E", "versionEndIncluding": "16.000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1100:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FA98842B-9D09-4C37-AB34-4E9FA566BAD8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awa_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C8E3AF6-1017-4A18-99CA-854F1022ED66", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awa_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A093AA8B-7DB9-4373-AE8F-F8B879A4BE5E", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awaa_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25DA9309-964B-4C1C-8B95-9C1CD80DDC74", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D51D3F6-ABB3-4FFD-81D5-B3D3C29F0A46", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC05C3A1-1042-46AD-83D8-765AF4C9BCD9", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6218A006-1F60-4E29-85CC-7D1BCBD7C734", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B863572-CECF-47DF-AF6F-C25F88200DBE", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59BEBB0E-8C6E-4663-9E0C-E755C2EF0041", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1303D987-4A44-4F33-992E-0C7E683EC7A9", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E7D8E09-D97D-45FF-9AD0-A9B0A846E600", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D9C64FB-A613-4940-86E6-95431B907159", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5C50D4A-EB32-4BE4-B9E6-D25494E2EF55", "versionEndIncluding": "16.000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1400:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FFF2EF59-F451-490D-A7AF-E66D11493948"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}