Number: AV17-074
Date: 25 May 2017
Purpose
The purpose of this advisory is to bring attention to a recently released security update for the Allen-Bradley MicroLogix 1100 and 1400 programmable logic controller products.
Assessment
Rockwell Automation has released a security update to address 5 vulnerabilities in its Allen-Bradley MicroLogix 1100 and 1400 programmable logic controller products. The severity of the vulnerabilities ranges from medium to critical, and exploitation could allow an unprivileged attacker to remotely execute code and/or create denial of service conditions.
Affected software versions (Allen-Bradley MicroLogix 1100):
- 1763-L16AWA, Series A and B, Version 16.00 and prior versions
- 1763-L16BBB, Series A and B, Version 16.00 and prior versions
- 1763-L16BWA, Series A and B, Version 16.00 and prior versions
- 1763-L16DWD, Series A and B, Version 16.00 and prior versions
Affected software versions (Allen-Bradley MicroLogix 1400):
- 1766-L32AWA, Series A and B, Version 16.00 and prior versions
- 1766-L32BWA, Series A and B, Version 16.00 and prior versions
- 1766-L32BWAA, Series A and B, Version 16.00 and prior versions
- 1766-L32BXB, Series A and B, Version 16.00 and prior versions
- 1766-L32BXBA, Series A and B, Version 16.00 and prior versions
- 1766-L32AWAA, Series A and B, Version 16.00 and prior versions
CVE References:
CVE-2017-7898, CVE-2017-7899, CVE-2017-7901, CVE-2017-7902, CVE-2017-7903
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected devices per your change management policies.