fkie_cve-2017-7902
Vulnerability from fkie_nvd
Published
2017-06-30 03:29
Modified
2025-04-20 01:37
Severity ?
Summary
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securitytracker.com/id/1038546 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038546 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E44D0CCE-EDA7-4DF2-B67B-C59DFAE7F888",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58E4AB51-E136-4AA3-AFF9-50F240489856",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6006CE1E-08EC-4AFC-8F35-73B24AA7F08D",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F52398D3-996E-4291-887F-6B8E0AF24AFF",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61603F24-7505-4A9E-BA9E-57C7B5A60A6E",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9558148B-3000-4D83-9AB0-380D7FBB0C9A",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C805AFD6-481C-4A32-9CE8-281F9B793263",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9E1F42-4F17-4EA4-8D0F-30220F560A0E",
"versionEndIncluding": "16.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1100:*:*:*:*:*:*:*",
"matchCriteriaId": "FA98842B-9D09-4C37-AB34-4E9FA566BAD8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awa_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8E3AF6-1017-4A18-99CA-854F1022ED66",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awa_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A093AA8B-7DB9-4373-AE8F-F8B879A4BE5E",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awaa_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25DA9309-964B-4C1C-8B95-9C1CD80DDC74",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D51D3F6-ABB3-4FFD-81D5-B3D3C29F0A46",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC05C3A1-1042-46AD-83D8-765AF4C9BCD9",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6218A006-1F60-4E29-85CC-7D1BCBD7C734",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B863572-CECF-47DF-AF6F-C25F88200DBE",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59BEBB0E-8C6E-4663-9E0C-E755C2EF0041",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1303D987-4A44-4F33-992E-0C7E683EC7A9",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7D8E09-D97D-45FF-9AD0-A9B0A846E600",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9C64FB-A613-4940-86E6-95431B907159",
"versionEndIncluding": "16.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C50D4A-EB32-4BE4-B9E6-D25494E2EF55",
"versionEndIncluding": "16.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1400:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF2EF59-F451-490D-A7AF-E66D11493948",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A \"Reusing a Nonce, Key Pair in Encryption\" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema de \"Reusing a Nonce, Key Pair in Encryption\" en los controladores de l\u00f3gica programable MicroLogix 1100 de Allen-Bradley 1763-L16AWA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1763-L16BBB, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1763-L16BWA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; y 1763-L16DWD, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores y Controladores l\u00f3gicos programables Allen-Bradley MicroLogix 1400 1766-L32AWA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1766-L32BWA, Series A y B, versi\u00f3n 16.00 y versiones anteriores; 1766-L32BWAA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1766-L32BXB, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1766-L32BXBA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; y 1766-L32AWAA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores. El producto afectado reutiliza nonces, lo que puede permitir que un atacante capture y reproduzca una solicitud v\u00e1lida hasta que se cambie el nonce."
}
],
"id": "CVE-2017-7902",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-30T03:29:00.827",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038546"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-323"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…