ICS Advisory: Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Last Revised: May 23, 2017 Alert Code: ICSA-17-115-04 CVSS v3 9.8 Attention: Remotely exploitable, low skill level to exploit. Vendor and Equipment Vendor: Rockwell Automation Equipment: Allen-Bradley MicroLogix 1100 and 1400 Vulnerabilities Predictable Value Range from Previous Values (CVE-2017-7901) Reusing a Nonce, Key Pair in Encryption (CVE-2017-7902) Information Exposure (CVE-2017-7899) Improper Restriction of Excessive Authentication Attempts (CVE-2017-7898) Weak Password Requirements (CVE-2017-7903) Affected Products MicroLogix 1100 versions: - 1763-L16AWA, Series A and B, Version 16.00 and prior versions - 1763-L16BBB, Series A and B, Version 16.00 and prior versions - 1763-L16BWA, Series A and B, Version 16.00 and prior versions - 1763-L16DWD, Series A and B, Version 16.00 and prior versions MicroLogix 1400 versions: - 1766-L32AWA, Series A and B, Version 16.00 and prior versions - 1766-L32BWA, Series A and B, Version 16.00 and prior versions - 1766-L32BWAA, Series A and B, Version 16.00 and prior versions - 1766-L32BXB, Series A and B, Version 16.00 and prior versions - 1766-L32BXBA, Series A and B, Version 16.00 and prior versions - 1766-L32AWAA, Series A and B, Version 16.00 and prior versions Impact Successful exploitation can allow unauthorized access, spoof or disrupt TCP connections. Mitigation New firmware version FRN 21.00 for MicroLogix 1400 Series B controllers. Disable the web server if not needed. Set the mode to RUN via LCD soft keyswitch. Minimize network exposure. Use secure remote access methods. Follow recommended practices on the ICS-CERT web page. Vulnerability Overview CVE-2017-7901: Predictable Value Range from Previous Values (CWE-343) CVE-2017-7902: Reusing a Nonce, Key Pair in Encryption (CWE-323) CVE-2017-7899: Information Exposure (CWE-200) CVE-2017-7898: Improper Restriction of Excessive Authentication Attempts (CWE-307) CVE-2017-7903: Weak Password Requirements (CWE-521) Researcher Reported by Rockwell Automation, David Formby, Raheem Beyah, and Fortiphyd Logic. Background Critical Infrastructure Sectors: Food and Agriculture, Water and Wastewater Systems. Deployed Worldwide. Company Headquarters: Milwaukee, Wisconsin.