CVSS: 9.8EPSS: 1%CPEs: 22EXPL: 0CVE-2017-7898
https://notcve.org/view.php?id=CVE-2017-7898
30 Jun 2017 — An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and ... • http://www.securitytracker.com/id/1038546 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.8EPSS: 3%CPEs: 22EXPL: 0CVE-2017-7899
https://notcve.org/view.php?id=CVE-2017-7899
30 Jun 2017 — An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; ... • http://www.securitytracker.com/id/1038546 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 22EXPL: 0CVE-2017-7901
https://notcve.org/view.php?id=CVE-2017-7901
30 Jun 2017 — A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.... • http://www.securitytracker.com/id/1038546 • CWE-330: Use of Insufficiently Random Values CWE-343: Predictable Value Range from Previous Values •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-7902
https://notcve.org/view.php?id=CVE-2017-7902
30 Jun 2017 — A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 ... • http://www.securitytracker.com/id/1038546 • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-7903
https://notcve.org/view.php?id=CVE-2017-7903
30 Jun 2017 — A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versi... • http://www.securitytracker.com/id/1038546 • CWE-326: Inadequate Encryption Strength CWE-521: Weak Password Requirements •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2016-0868
https://notcve.org/view.php?id=CVE-2016-0868
28 Jan 2016 — Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request. Desbordamiento de buffer basado en pila en dispositivos Rockwell Automation Allen-Bradley MicroLogix 1100 A hasta la versión 15.000 y B anteriores a 15.002 permite a atacantes remotos ejecutar código arbitrario a través de una petición web manipulada. • http://www.securitytracker.com/id/1034861 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6486
https://notcve.org/view.php?id=CVE-2015-6486
28 Oct 2015 — SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección de SQL en dispositivos Allen-Bradley MicroLogix 1100 en versiones anteriores a B FRN 15.000 y dispositivos 1400 en versiones anteriores a B FRN 15.003 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6488
https://notcve.org/view.php?id=CVE-2015-6488
28 Oct 2015 — Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el servidor web en los dispositivos Allen-Bradley MicroLogix 1100 en versiones anteriores a B FRN 15.000 y dispositivos 1400 en versiones anteriores a B FRN 15.003 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitra... • https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6490
https://notcve.org/view.php?id=CVE-2015-6490
28 Oct 2015 — Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento del buffer basado en pila en los dispositivos Allen-Bradley MicroLogix 1100 en versiones anteriores a B FRN 15.000 y dispositivos 1400 hasta la versión B FRN 15.003 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 0CVE-2015-6491
https://notcve.org/view.php?id=CVE-2015-6491
28 Oct 2015 — Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors. Dispositivos Allen-Bradley MicroLogix 1100 en versiones anteriores a B FRN 15.000 y dispositivos 1400 en versiones anteriores a B FRN 15.003 permiten a usuarios remotos autenticados insertar el contenido de un archivo arbitrario en un elemento FRAME a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03 •