{"containers": {"cna": {"affected": [{"product": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400", "vendor": "n/a", "versions": [{"status": "affected", "version": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400"}]}], "datePublic": "2017-06-29T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A \"Reusing a Nonce, Key Pair in Encryption\" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-323", "description": "CWE-323", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-07-07T09:57:01.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "1038546", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038546"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-7902", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400", "version": {"version_data": [{"version_value": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A \"Reusing a Nonce, Key Pair in Encryption\" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-323"}]}]}, "references": {"reference_data": [{"name": "1038546", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038546"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:19:28.546Z"}, "title": "CVE Program Container", "references": [{"name": "1038546", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038546"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-7902", "datePublished": "2017-06-30T02:35:00.000Z", "dateReserved": "2017-04-18T00:00:00.000Z", "dateUpdated": "2024-08-05T16:19:28.546Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_a:*:*:*:*:*:*:*:*", "matchCriteriaId": "E44D0CCE-EDA7-4DF2-B67B-C59DFAE7F888", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_b:*:*:*:*:*:*:*:*", "matchCriteriaId": "58E4AB51-E136-4AA3-AFF9-50F240489856", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a:*:*:*:*:*:*:*:*", "matchCriteriaId": "6006CE1E-08EC-4AFC-8F35-73B24AA7F08D", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b:*:*:*:*:*:*:*:*", "matchCriteriaId": "F52398D3-996E-4291-887F-6B8E0AF24AFF", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a:*:*:*:*:*:*:*:*", "matchCriteriaId": "61603F24-7505-4A9E-BA9E-57C7B5A60A6E", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b:*:*:*:*:*:*:*:*", "matchCriteriaId": "9558148B-3000-4D83-9AB0-380D7FBB0C9A", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a:*:*:*:*:*:*:*:*", "matchCriteriaId": "C805AFD6-481C-4A32-9CE8-281F9B793263", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC9E1F42-4F17-4EA4-8D0F-30220F560A0E", "versionEndIncluding": "16.000", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1100:*:*:*:*:*:*:*", "matchCriteriaId": "FA98842B-9D09-4C37-AB34-4E9FA566BAD8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awa_series_a:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C8E3AF6-1017-4A18-99CA-854F1022ED66", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awa_series_b:*:*:*:*:*:*:*:*", "matchCriteriaId": "A093AA8B-7DB9-4373-AE8F-F8B879A4BE5E", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awaa_series_a:*:*:*:*:*:*:*:*", "matchCriteriaId": "25DA9309-964B-4C1C-8B95-9C1CD80DDC74", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D51D3F6-ABB3-4FFD-81D5-B3D3C29F0A46", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC05C3A1-1042-46AD-83D8-765AF4C9BCD9", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b:*:*:*:*:*:*:*:*", "matchCriteriaId": "6218A006-1F60-4E29-85CC-7D1BCBD7C734", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B863572-CECF-47DF-AF6F-C25F88200DBE", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b:*:*:*:*:*:*:*:*", "matchCriteriaId": "59BEBB0E-8C6E-4663-9E0C-E755C2EF0041", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a:*:*:*:*:*:*:*:*", "matchCriteriaId": "1303D987-4A44-4F33-992E-0C7E683EC7A9", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E7D8E09-D97D-45FF-9AD0-A9B0A846E600", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D9C64FB-A613-4940-86E6-95431B907159", "versionEndIncluding": "16.000", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5C50D4A-EB32-4BE4-B9E6-D25494E2EF55", "versionEndIncluding": "16.000", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1400:*:*:*:*:*:*:*", "matchCriteriaId": "FFF2EF59-F451-490D-A7AF-E66D11493948", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A \"Reusing a Nonce, Key Pair in Encryption\" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed."}, {"lang": "es", "value": "Se detect\u00f3 un problema de \"Reusing a Nonce, Key Pair in Encryption\" en los controladores de l\u00f3gica programable MicroLogix 1100 de Allen-Bradley 1763-L16AWA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1763-L16BBB, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1763-L16BWA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; y 1763-L16DWD, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores y Controladores l\u00f3gicos programables Allen-Bradley MicroLogix 1400 1766-L32AWA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1766-L32BWA, Series A y B, versi\u00f3n 16.00 y versiones anteriores; 1766-L32BWAA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1766-L32BXB, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; 1766-L32BXBA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores; y 1766-L32AWAA, Serie A y B, Versi\u00f3n 16.00 y versiones anteriores. El producto afectado reutiliza nonces, lo que puede permitir que un atacante capture y reproduzca una solicitud v\u00e1lida hasta que se cambie el nonce."}], "id": "CVE-2017-7902", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-30T03:29:00.827", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038546"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038546"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-323"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-330"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}