QSearchQSearch

CVE-2017-7903

9.8 CRITICAL

A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 176...

Published: 2017-06-30 · Last updated: 2026-06-03

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-326, CWE-521

Affected products

VendorProduct
rockwellautomation1763-l16awa_series_a, 1763-l16awa_series_b, 1763-l16bbb_series_a

Description

A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected products use a numeric password with a small maximum character size for the password.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-33012 Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause ... (8.6 HIGH)
  • CVE-2021-32926 When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that incl... (7.5 HIGH)
  • CVE-2021-22659 Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus... (8.6 HIGH)
  • CVE-2020-6990 Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versi... (9.8 CRITICAL)
  • CVE-2020-6988 Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versi... (7.5 HIGH)

Same CWE

  • CVE-2026-11493 A weakness has been identified in Tenda AC15 15.03.05.19 (5.0 MEDIUM)
  • CVE-2026-41860 CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM (8.8 HIGH)
  • CVE-2026-8878 Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensiti... (7.5 HIGH)
  • CVE-2026-45787 electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client (9.1 CRITICAL)
  • CVE-2024-40684 IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3... (5.9 MEDIUM)