CVE-2016-9338
Severity Score
2.7
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller.
Ha sido descubierto un problema en controlador Rockwell Automation Allen-Bradley MicroLogix 1100, 1763-L16AWA, Serie A y B, Versión 14.000 y versiones anteriores; 1763-L16BBB, Serie A y B, Versión 14.000 y versiones anteriores; 1763-L16BWA, Serie A y B, Versión 14.000 y versiones anteriores; y 1763-L16DWD, Serie A y B, Versión 14.000 y versiones anteriores. Debido a una asignación de permisos incorrecta para recursos críticos, los usuarios con privilegios de administrador pueden eliminar todos los usuarios administrativos requiriéndose un restablecimiento de fábrica para restaurar la función del servidor web auxiliar. La explotación de esta vulnerabilidad seguirá permitiendo que el dispositivo afectado funcione en su capacidad como controlador.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-11-16 CVE Reserved
- 2017-02-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/95302 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16awa Series A Search vendor "Rockwellautomation" for product "1763-l16awa Series A" | <= 14.000 Search vendor "Rockwellautomation" for product "1763-l16awa Series A" and version " <= 14.000" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16awa Series B Search vendor "Rockwellautomation" for product "1763-l16awa Series B" | <= 14.000 Search vendor "Rockwellautomation" for product "1763-l16awa Series B" and version " <= 14.000" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16bbb Series A Search vendor "Rockwellautomation" for product "1763-l16bbb Series A" | <= 14.000 Search vendor "Rockwellautomation" for product "1763-l16bbb Series A" and version " <= 14.000" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16bbb Series B Search vendor "Rockwellautomation" for product "1763-l16bbb Series B" | <= 14.000 Search vendor "Rockwellautomation" for product "1763-l16bbb Series B" and version " <= 14.000" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16bwa Series A Search vendor "Rockwellautomation" for product "1763-l16bwa Series A" | <= 14.000 Search vendor "Rockwellautomation" for product "1763-l16bwa Series A" and version " <= 14.000" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16bwa Series B Search vendor "Rockwellautomation" for product "1763-l16bwa Series B" | <= 14.000 Search vendor "Rockwellautomation" for product "1763-l16bwa Series B" and version " <= 14.000" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16dwd Series A Search vendor "Rockwellautomation" for product "1763-l16dwd Series A" | <= 14.000 Search vendor "Rockwellautomation" for product "1763-l16dwd Series A" and version " <= 14.000" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16dwd Series B Search vendor "Rockwellautomation" for product "1763-l16dwd Series B" | <= 14.000 Search vendor "Rockwellautomation" for product "1763-l16dwd Series B" and version " <= 14.000" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32awa Series A Search vendor "Rockwellautomation" for product "1766-l32awa Series A" | <= 15.004 Search vendor "Rockwellautomation" for product "1766-l32awa Series A" and version " <= 15.004" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32awa Series B Search vendor "Rockwellautomation" for product "1766-l32awa Series B" | <= 15.004 Search vendor "Rockwellautomation" for product "1766-l32awa Series B" and version " <= 15.004" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32awaa Series A Search vendor "Rockwellautomation" for product "1766-l32awaa Series A" | <= 15.004 Search vendor "Rockwellautomation" for product "1766-l32awaa Series A" and version " <= 15.004" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32awaa Series B Search vendor "Rockwellautomation" for product "1766-l32awaa Series B" | <= 15.004 Search vendor "Rockwellautomation" for product "1766-l32awaa Series B" and version " <= 15.004" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bwa Series A Search vendor "Rockwellautomation" for product "1766-l32bwa Series A" | <= 15.004 Search vendor "Rockwellautomation" for product "1766-l32bwa Series A" and version " <= 15.004" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bwa Series B Search vendor "Rockwellautomation" for product "1766-l32bwa Series B" | <= 15.004 Search vendor "Rockwellautomation" for product "1766-l32bwa Series B" and version " <= 15.004" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bwaa Series A Search vendor "Rockwellautomation" for product "1766-l32bwaa Series A" | <= 15.004 Search vendor "Rockwellautomation" for product "1766-l32bwaa Series A" and version " <= 15.004" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bwaa Series B Search vendor "Rockwellautomation" for product "1766-l32bwaa Series B" | <= 15.004 Search vendor "Rockwellautomation" for product "1766-l32bwaa Series B" and version " <= 15.004" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bxb Series A Search vendor "Rockwellautomation" for product "1766-l32bxb Series A" | <= 15.004 Search vendor "Rockwellautomation" for product "1766-l32bxb Series A" and version " <= 15.004" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bxb Series B Search vendor "Rockwellautomation" for product "1766-l32bxb Series B" | <= 15.004 Search vendor "Rockwellautomation" for product "1766-l32bxb Series B" and version " <= 15.004" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bxba Series A Search vendor "Rockwellautomation" for product "1766-l32bxba Series A" | <= 15.004 Search vendor "Rockwellautomation" for product "1766-l32bxba Series A" and version " <= 15.004" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bxba Series B Search vendor "Rockwellautomation" for product "1766-l32bxba Series B" | <= 15.004 Search vendor "Rockwellautomation" for product "1766-l32bxba Series B" and version " <= 15.004" | - |
Affected
| ||||||