CVE-2017-7902
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed.
Se detectó un problema de "Reusing a Nonce, Key Pair in Encryption" en los controladores de lógica programable MicroLogix 1100 de Allen-Bradley 1763-L16AWA, Serie A y B, Versión 16.00 y versiones anteriores; 1763-L16BBB, Serie A y B, Versión 16.00 y versiones anteriores; 1763-L16BWA, Serie A y B, Versión 16.00 y versiones anteriores; y 1763-L16DWD, Serie A y B, Versión 16.00 y versiones anteriores y Controladores lógicos programables Allen-Bradley MicroLogix 1400 1766-L32AWA, Serie A y B, Versión 16.00 y versiones anteriores; 1766-L32BWA, Series A y B, versión 16.00 y versiones anteriores; 1766-L32BWAA, Serie A y B, Versión 16.00 y versiones anteriores; 1766-L32BXB, Serie A y B, Versión 16.00 y versiones anteriores; 1766-L32BXBA, Serie A y B, Versión 16.00 y versiones anteriores; y 1766-L32AWAA, Serie A y B, Versión 16.00 y versiones anteriores. El producto afectado reutiliza nonces, lo que puede permitir que un atacante capture y reproduzca una solicitud válida hasta que se cambie el nonce.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-04-18 CVE Reserved
- 2017-06-30 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-323: Reusing a Nonce, Key Pair in Encryption
- CWE-330: Use of Insufficiently Random Values
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1038546 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04 | 2019-10-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16awa Series A Search vendor "Rockwellautomation" for product "1763-l16awa Series A" | <= 16.000 Search vendor "Rockwellautomation" for product "1763-l16awa Series A" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1100 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1100" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16awa Series B Search vendor "Rockwellautomation" for product "1763-l16awa Series B" | <= 16.000 Search vendor "Rockwellautomation" for product "1763-l16awa Series B" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1100 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1100" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16bbb Series A Search vendor "Rockwellautomation" for product "1763-l16bbb Series A" | <= 16.000 Search vendor "Rockwellautomation" for product "1763-l16bbb Series A" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1100 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1100" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16bbb Series B Search vendor "Rockwellautomation" for product "1763-l16bbb Series B" | <= 16.000 Search vendor "Rockwellautomation" for product "1763-l16bbb Series B" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1100 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1100" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16bwa Series A Search vendor "Rockwellautomation" for product "1763-l16bwa Series A" | <= 16.000 Search vendor "Rockwellautomation" for product "1763-l16bwa Series A" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1100 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1100" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16bwa Series B Search vendor "Rockwellautomation" for product "1763-l16bwa Series B" | <= 16.000 Search vendor "Rockwellautomation" for product "1763-l16bwa Series B" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1100 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1100" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16dwd Series A Search vendor "Rockwellautomation" for product "1763-l16dwd Series A" | <= 16.000 Search vendor "Rockwellautomation" for product "1763-l16dwd Series A" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1100 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1100" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1763-l16dwd Series B Search vendor "Rockwellautomation" for product "1763-l16dwd Series B" | <= 16.000 Search vendor "Rockwellautomation" for product "1763-l16dwd Series B" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1100 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1100" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32awa Series A Search vendor "Rockwellautomation" for product "1766-l32awa Series A" | <= 16.000 Search vendor "Rockwellautomation" for product "1766-l32awa Series A" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1400 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1400" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32awa Series B Search vendor "Rockwellautomation" for product "1766-l32awa Series B" | <= 16.000 Search vendor "Rockwellautomation" for product "1766-l32awa Series B" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1400 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1400" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32awaa Series A Search vendor "Rockwellautomation" for product "1766-l32awaa Series A" | <= 16.000 Search vendor "Rockwellautomation" for product "1766-l32awaa Series A" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1400 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1400" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32awaa Series B Search vendor "Rockwellautomation" for product "1766-l32awaa Series B" | <= 16.000 Search vendor "Rockwellautomation" for product "1766-l32awaa Series B" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1400 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1400" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bwa Series A Search vendor "Rockwellautomation" for product "1766-l32bwa Series A" | <= 16.000 Search vendor "Rockwellautomation" for product "1766-l32bwa Series A" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1400 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1400" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bwa Series B Search vendor "Rockwellautomation" for product "1766-l32bwa Series B" | <= 16.000 Search vendor "Rockwellautomation" for product "1766-l32bwa Series B" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1400 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1400" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bwaa Series A Search vendor "Rockwellautomation" for product "1766-l32bwaa Series A" | <= 16.000 Search vendor "Rockwellautomation" for product "1766-l32bwaa Series A" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1400 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1400" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bwaa Series B Search vendor "Rockwellautomation" for product "1766-l32bwaa Series B" | <= 16.000 Search vendor "Rockwellautomation" for product "1766-l32bwaa Series B" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1400 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1400" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bxb Series A Search vendor "Rockwellautomation" for product "1766-l32bxb Series A" | <= 16.000 Search vendor "Rockwellautomation" for product "1766-l32bxb Series A" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1400 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1400" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bxb Series B Search vendor "Rockwellautomation" for product "1766-l32bxb Series B" | <= 16.000 Search vendor "Rockwellautomation" for product "1766-l32bxb Series B" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1400 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1400" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bxba Series A Search vendor "Rockwellautomation" for product "1766-l32bxba Series A" | <= 16.000 Search vendor "Rockwellautomation" for product "1766-l32bxba Series A" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1400 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1400" | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | 1766-l32bxba Series B Search vendor "Rockwellautomation" for product "1766-l32bxba Series B" | <= 16.000 Search vendor "Rockwellautomation" for product "1766-l32bxba Series B" and version " <= 16.000" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Ab Micrologix Controller Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" | 1400 Search vendor "Rockwellautomation" for product "Ab Micrologix Controller" and version "1400" | - |
Safe
|