製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の Rockwell Automation Allen-Bradley MicroLogix 1100 および 1400 コントローラにおける証明書・パスワードの管理に関する脆弱性

Title	複数の Rockwell Automation Allen-Bradley MicroLogix 1100 および 1400 コントローラにおける証明書・パスワードの管理に関する脆弱性
Summary	複数の Rockwell Automation Allen-Bradley MicroLogix 1100 および 1400 コントローラには、証明書・パスワードの管理に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	May 23, 2017, midnight
Registration Date	July 25, 2017, 5:21 p.m.
Last Update	July 25, 2017, 5:21 p.m.

Affected System

Rockwell Automation

Allen-Bradley MicroLogix 1100 1763-L16AWA Series A 16.000 およびそれ以前

Allen-Bradley MicroLogix 1100 1763-L16AWA Series B 16.000 およびそれ以前

Allen-Bradley MicroLogix 1100 1763-L16BBB Series A 16.000 およびそれ以前

Allen-Bradley MicroLogix 1100 1763-L16BBB Series B 16.000 およびそれ以前

Allen-Bradley MicroLogix 1100 1763-L16BWA Series A 16.000 およびそれ以前

Allen-Bradley MicroLogix 1100 1763-L16BWA Series B 16.000 およびそれ以前

Allen-Bradley MicroLogix 1100 1763-L16DWD Series A 16.000 およびそれ以前

Allen-Bradley MicroLogix 1100 1763-L16DWD Series B 16.000 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32AWA Series A 16.000 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32AWA Series B 16.000 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32AWAA Series A 16.000 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32AWAA Series B 16.000 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BWA Series A 16.000 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BWA Series B 16.000 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BWAA Series A 16.000 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BWAA Series B 16.000 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BXB Series A 16.000 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BXB Series B 16.000 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BXBA Series A 16.000 およびそれ以前

Allen-Bradley MicroLogix 1400 1766-L32BXBA Series B 16.000 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-7899	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7899
National Vulnerability Database (NVD)
2	CVE-2017-7899	https://nvd.nist.gov/vuln/detail/CVE-2017-7899

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-255	https://jvndb.jvn.jp/ja/cwe/CWE-255.html

ベンダー情報

No	Name	URL
Rockwell Automation
1	MicroLogix 1100コントローラ	http://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-1100
2	MicroLogix 1400コントローラ	http://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-1400

その他

No	Name	URL
関連文書
1	ICSA-17-115-04	https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04

Change Log

No	Changed Details	Date of change
0	[2017年07月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2017-7899

Summary	An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. User credentials are sent to the web server using the HTTP GET method, which may result in the credentials being logged. This could make user credentials available for unauthorized retrieval.
Publication Date	June 30, 2017, 12:29 p.m.
Registration Date	Jan. 26, 2021, 1:29 p.m.
Last Update	Nov. 21, 2024, 12:32 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:rockwellautomation:1763-l16awa_series_a::::::::			16.000
cpe:2.3:a:rockwellautomation:1763-l16awa_series_b::::::::			16.000
cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a::::::::			16.000
cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b::::::::			16.000
cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a::::::::			16.000
cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b::::::::			16.000
cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a::::::::			16.000
cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b::::::::			16.000
execution environment
1	cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1100:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:rockwellautomation:1766-l32awa_series_a::::::::			16.000
cpe:2.3:a:rockwellautomation:1766-l32awa_series_b::::::::			16.000
cpe:2.3:a:rockwellautomation:1766-l32awaa_series_a::::::::			16.000
cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b::::::::			16.000
cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a::::::::			16.000
cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b::::::::			16.000
cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a::::::::			16.000
cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b::::::::			16.000
cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a::::::::			16.000
cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b::::::::			16.000
cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a::::::::			16.000
cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b::::::::			16.000
execution environment
1	cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1400:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.securitytracker.com/id/1038546
2	http://www.securitytracker.com/id/1038546
3	https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04	Patch Third Party Advisory US Government Resource
4	https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04	Patch Third Party Advisory US Government Resource

Common Vulnerabilities List