fkie_cve-2016-9338
Vulnerability from fkie_nvd
Published
2017-02-13 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/95302 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95302 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7434A56-A11C-4362-A806-ECC05EF81EDC",
"versionEndIncluding": "14.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E55698D3-601A-48E4-AD5A-C42AA32A02DC",
"versionEndIncluding": "14.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FBC09CC-AD8C-4412-90B0-1E798B56C4F7",
"versionEndIncluding": "14.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58265FCD-55B4-4E9C-8A02-9702B8ED5E4C",
"versionEndIncluding": "14.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A719DAFD-8BA2-4E56-AC78-60C2D9FCBAA0",
"versionEndIncluding": "14.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "530BB796-C178-49C1-ADF7-7B34E9FD6ED8",
"versionEndIncluding": "14.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D6A13D-69AC-431B-9E12-BDB6523BB49D",
"versionEndIncluding": "14.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D38291EC-779A-461C-971B-09A52C2FB668",
"versionEndIncluding": "14.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awa_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44A021E4-B93B-4AA0-B7E7-A69F86666D24",
"versionEndIncluding": "15.004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awa_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCE93E4A-C845-4B29-B09E-DA5EC4F22EC2",
"versionEndIncluding": "15.004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awaa_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5F717B-487B-473F-BD50-0DE76CAFD6B7",
"versionEndIncluding": "15.004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB0FCA4-C3D7-46CC-9D4A-C7FE8B7D25C4",
"versionEndIncluding": "15.004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55708721-9FAF-4778-95AE-C51FAF42E234",
"versionEndIncluding": "15.004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6A9C27-E079-43CD-A348-C257AD1B2C9B",
"versionEndIncluding": "15.004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2830F25-7489-4B96-8750-8E187BA155A8",
"versionEndIncluding": "15.004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "391B81A5-A3BB-44FD-9849-2D9FC0A004EE",
"versionEndIncluding": "15.004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AACFCF1B-5FD4-451E-94F9-FFE6CA3427DB",
"versionEndIncluding": "15.004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31BCB97C-9F7C-47C7-832E-2EAA7B841CA2",
"versionEndIncluding": "15.004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93282079-80A2-4CDF-9EF8-D9EEBAC1D238",
"versionEndIncluding": "15.004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F5D81D-62BA-4655-8FB1-43BC0FF3288B",
"versionEndIncluding": "15.004",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller."
},
{
"lang": "es",
"value": "Ha sido descubierto un problema en controlador Rockwell Automation Allen-Bradley MicroLogix 1100, 1763-L16AWA, Serie A y B, Versi\u00f3n 14.000 y versiones anteriores; 1763-L16BBB, Serie A y B, Versi\u00f3n 14.000 y versiones anteriores; 1763-L16BWA, Serie A y B, Versi\u00f3n 14.000 y versiones anteriores; y 1763-L16DWD, Serie A y B, Versi\u00f3n 14.000 y versiones anteriores. Debido a una asignaci\u00f3n de permisos incorrecta para recursos cr\u00edticos, los usuarios con privilegios de administrador pueden eliminar todos los usuarios administrativos requiri\u00e9ndose un restablecimiento de f\u00e1brica para restaurar la funci\u00f3n del servidor web auxiliar. La explotaci\u00f3n de esta vulnerabilidad seguir\u00e1 permitiendo que el dispositivo afectado funcione en su capacidad como controlador."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/732.html\"\u003eCWE-732: Incorrect Permission Assignment for Critical Resource\u003c/a\u003e",
"id": "CVE-2016-9338",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-13T21:59:01.627",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95302"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…