Vulnerability identifier: #VU6696

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7899

CWE-ID: CWE-598

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Allen-Bradley MicroLogix 1400
Hardware solutions / Office equipment, IP-phones, print servers
Allen-Bradley MicroLogix 1100
Hardware solutions / Office equipment, IP-phones, print servers

Vendor: Rockwell Automation

Description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to an error when sending credentials to the web server using the HTTP GET method, which may result in the credentials being logged.

Successful exploitation of the vulnerability may result in unauthorized retrieval of the user credentials.

Mitigation
Update to version 21.00

Vulnerable software versions

Allen-Bradley MicroLogix 1400: 1766-L32AWAA 16.00 - 1766-L32AWA 16.00

Allen-Bradley MicroLogix 1100: 1763-L16DWD 16.00 - 1763-L16AWA 16.00

---

External links
http://ics-cert.us-cert.gov/advisories/ICSA-17-115-04

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.