External risk intelligence

Rockwell Automation PLC Weak Password Requirements Risk.

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2017-7903

Rockwell Automation's Allen-Bradley MicroLogix programmable logic controllers are affected by weak password requirements due to short, numeric passwords. This vulnerability may allow unauthorized access, potentially leading to operational disruptions and business risk.

2Halo Surface Signal

Rockwellautomation 1763 L16awa Series A

16.000 and earlier

External exposure likelihood

Halo Surface Signal score for CVE-2017-7903

The product is a Programmable Logic Controller (PLC) used in industrial control systems. While industrial devices are occasionally exposed to the internet via misconfiguration or improper remote access setups, they are fundamentally designed to operate within isolated, segmented operational technology (OT) networks and are not intended for public-facing internet deployment.

PCI scan relevance

PCI Relevance for CVE-2017-7903

Yes

CVE-2017-7903 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability is relevant to PCI DSS scans because it allows for authentication bypass on industrial control devices, which could affect system security.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

Rockwell Automation's Allen-Bradley MicroLogix controllers are affected by a vulnerability related to weak password requirements. The flaw stems from the use of numeric passwords with a limited maximum character size. This could enable unauthorized access and potentially disrupt operations.

Rockwell Automation MicroLogix controllers
Numeric passwords have small maximum size
Unauthorized access and operational disruption

Attack Path

How an attacker could exploit the issue

The identified vulnerability impacts Rockwell Automation Allen-Bradley programmable logic controllers. An attacker could exploit weak password requirements on these devices, which use numeric passwords with a limited character size. This could allow unauthorized access to the controller's functions.

Network access required
Attacker guesses password
Unauthorized control achieved

Live Threat

Current exploitation, exposure, and threat context

This vulnerability affects Rockwell Automation Allen-Bradley MicroLogix programmable logic controllers. It stems from weak password requirements that allow for short, numeric passwords. An attacker with network access could potentially exploit this weakness to gain unauthorized control of the affected systems. The primary risk involves unauthorized access to and manipulation of industrial control processes, which could lead to operational disruptions or safety concerns.

Likely attacker skill level: Basic
Required access or conditions: Network access
Business risk or urgency: Moderate

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability affects Rockwell Automation Allen-Bradley programmable logic controllers. The issue stems from weak password requirements, specifically a small maximum character size for numeric passwords. This could allow unauthorized access to these industrial control systems, posing a significant risk to operational integrity and data security.

Identify affected controllers.
Isolate controllers from network exposure.
Apply vendor updates and verify.
Monitor for related activity.

Frequently asked questions

What are the affected Rockwell Automation Allen-Bradley MicroLogix programmable logic controllers and their specific versions with weak...

The affected Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 programmable logic controllers, including specific models like the 1763-L16AWA, 1763-L16BBB, 1763-L16BWA, 1763-L16DWD, 1766-L32AWA, 1766-L32BWA, 1766-L32BWAA, 1766-L32BXB, and 1766-L32AWAA, are vulnerable up to version 16.00. This vulnerability impacts Series A and B of these controllers.

What is the nature of the weakness in Rockwell Automation MicroLogix controllers, and what is the associated risk?

The weakness lies in the controllers' weak password requirements, specifically using numeric passwords with a small maximum character size. This could allow an attacker with network access to guess passwords and gain unauthorized control, potentially disrupting industrial processes.

How can an attacker exploit the weak password requirements on these Rockwell Automation controllers, and what is the scope of the impact?

An attacker with network access can exploit this vulnerability by attempting to guess the short, numeric passwords due to their limited character size. This could grant them unauthorized access to the controller's functions, impacting the integrity of industrial control processes. The scope is limited to the affected controllers accessible via the network.

What is the relevance of CVE-2017-7903 to industrial control systems, and why is it classified as external?

CVE-2017-7903 is relevant to industrial control systems as it affects Rockwell Automation Allen-Bradley programmable logic controllers. The vulnerability, related to weak password requirements, allows for unauthorized access. It is classified as external because the CVSS v3.1 attack vector is network-based, meaning an attacker can exploit it remotely over a network.

What practical steps can be taken to address the weak password vulnerability in Rockwell Automation controllers?

To address this vulnerability, organizations should first identify all affected controllers. It is recommended to isolate these controllers from network exposure where possible. Applying vendor-provided updates and verifying their successful implementation is crucial. Continuous monitoring for any suspicious activity related to these devices should also be maintained.

References

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.