製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の Rockwell Automation Allen-Bradley MicroLogix 1100 および 1400 コントローラにおける認証情報を取得される脆弱性

Title	複数の Rockwell Automation Allen-Bradley MicroLogix 1100 および 1400 コントローラにおける認証情報を取得される脆弱性
Summary	複数の Rockwell Automation Allen-Bradley MicroLogix 1100 および 1400 コントローラは、ユーザの認証情報を平文で Web サーバに送信するため、認証情報を取得される脆弱性が存在します。
Possible impacts	攻撃者により、サーバと Web ブラウザ間のトラフィックの監視が可能な場合、認証情報を取得される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Nov. 3, 2016, midnight
Registration Date	April 7, 2017, 4:02 p.m.
Last Update	April 7, 2017, 4:02 p.m.

Affected System

Rockwell Automation

Allen-Bradley MicroLogix 1100 1763-L16AWA Series A 14.000 およびそれ以前

Allen-Bradley MicroLogix 1100 1763-L16AWA Series B 14.000 およびそれ以前

Allen-Bradley MicroLogix 1100 1763-L16BBB Series A 14.000 およびそれ以前

Allen-Bradley MicroLogix 1100 1763-L16BBB Series B 14.000 およびそれ以前

Allen-Bradley MicroLogix 1100 1763-L16BWA Series A 14.000 およびそれ以前

Allen-Bradley MicroLogix 1100 1763-L16BWA Series B 14.000 およびそれ以前

Allen-Bradley MicroLogix 1100 1763-L16DWD Series A 14.000 およびそれ以前

Allen-Bradley MicroLogix 1100 1763-L16DWD Series B 14.000 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32AWA Series A 15.004 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32AWA Series B 15.004 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32AWAA Series A 15.004 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32AWAA Series B 15.004 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BWA Series A 15.004 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BWA Series B 15.004 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BWAA Series A 15.004 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BWAA Series B 15.004 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BXB Series A 15.004 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BXB Series B 15.004 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BXBA Series A 15.004 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BXBA Series B 15.004 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-9334	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9334
National Vulnerability Database (NVD)
2	CVE-2016-9334	https://nvd.nist.gov/vuln/detail/CVE-2016-9334

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Rockwell Automation
1	MicroLogix 1100コントローラ	http://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-1100
2	MicroLogix 1400コントローラ	http://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-1400

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-16-336-06	https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06

Change Log

No	Changed Details	Date of change
0	[2017年04月07日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-9334

Summary	An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server.
Publication Date	Feb. 14, 2017, 6:59 a.m.
Registration Date	Jan. 26, 2021, 2:20 p.m.
Last Update	Nov. 21, 2024, noon

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b::::::::		15.004
cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b::::::::		15.004
cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b::::::::		15.004
cpe:2.3:a:rockwellautomation:1766-l32awa_series_a::::::::		15.004
cpe:2.3:a:rockwellautomation:1766-l32awa_series_b::::::::		15.004
cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a::::::::		14.000
cpe:2.3:a:rockwellautomation:1763-l16awa_series_b::::::::		14.000
cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b::::::::		14.000
cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a::::::::		15.004
cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a::::::::		14.000
cpe:2.3:a:rockwellautomation:1766-l32awaa_series_a::::::::		15.004
cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b::::::::		15.004
cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b::::::::		15.004
cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a::::::::		15.004
cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a::::::::		15.004
cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b::::::::		14.000
cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a::::::::		15.004
cpe:2.3:a:rockwellautomation:1763-l16awa_series_a::::::::		14.000
cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b::::::::		14.000
cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a::::::::		14.000

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/95302	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/95302	Third Party Advisory VDB Entry
3	https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06	Third Party Advisory US Government Resource
4	https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06	Third Party Advisory US Government Resource

Common Vulnerabilities List