SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-277094470] Rockwell Automation PanelView Plus 6 700-1500

Date: 2017-06-06
Type: Other
Platform: Rockwell Automation
Author: Rockwell Automation self-reported this vulnerability.
EDB-ID: N/A
CVE-ID: CVE-2017-7914
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Rockwell Automation PanelView Plus 6 700-1500
#


### VULNERABLE VENDOR
Rockwell Automation


### VULNERABLE PRODUCT
PanelView Plus 6 700-1500



### RESEARCHER
Rockwell Automation self-reported this vulnerability.



### AFFECTED PRODUCTS

The following versions of PanelView Plus 6 700-1500, graphic terminals and logic module products, are affected:

6.00.04,
6.00.05,
6.00.42,
6.00-20140306,
6.10.20121012,
6.10-20140122,
7.00-20121012,
7.00-20130108,
7.00-20130325,
7.00-20130619,
7.00-20140128,
7.00-20140310,
7.00-20140429,
7.00-20140621,
7.00-20140729,
7.00-20141022,
8.00-20140730, and
8.00-20141023

Additionally, Rockwell Automation reports that graphic terminals running OS 2.31 or greater are not affected by this vulnerability.



### IMPACT

Successful exploitation of this vulnerability could allow an attacker to remotely access the device to potentially retrieve data or disrupt the availability of the device.



### VULNERABILITY OVERVIEW

MISSING AUTHORIZATION CWE-862
There is no authorization check when connecting to the device, allowing an attacker remote access.
CVE-2017-7914 has been assigned to this vulnerability.
A CVSS v3 base score of 8.6 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H).





### BACKGROUND

Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture, Transportation Systems, and Water and Wastewater Systems.
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States




### MITIGATION

Rockwell Automation has released a security advisory found at the following link. A login is required to view the advisory.

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1047345/page/1


Rockwell Automation reports that affected users should update to any of the following available firmware revisions that address the vulnerability:

V7.00: Apply V7.00-20150209
V8.00: Apply V8.00-20160418
V8.10: Apply V8.10-20151026 or later
V8.20: Apply V8.20-20160308 or later
V9.00: Apply V9.00-20170328 or later

Downloads for the firmware revisions can be found at:

http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=2711P&crumb=112
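
An added example (not from Rockwell Automation or this database) showing one way to triage an asset inventory against the affected and fixed revisions listed above. The hostnames, the inventory, the status labels and the numeric major.minor comparison of the OS version are assumptions made for the example; only the revision strings come from this page.

```python
import re

# Affected revisions, copied verbatim from the AFFECTED PRODUCTS list.
AFFECTED = {
    "6.00.04", "6.00.05", "6.00.42", "6.00-20140306", "6.10.20121012",
    "6.10-20140122", "7.00-20121012", "7.00-20130108", "7.00-20130325",
    "7.00-20130619", "7.00-20140128", "7.00-20140310", "7.00-20140429",
    "7.00-20140621", "7.00-20140729", "7.00-20141022", "8.00-20140730",
    "8.00-20141023",
}
# MITIGATION list: branch -> (fixed build date stamp, "or later" stated on the page).
FIXED = {
    "7.00": (20150209, False), "8.00": (20160418, False),
    "8.10": (20151026, True), "8.20": (20160308, True),
    "9.00": (20170328, True),
}

def triage(firmware, os_version=None):
    """Return (status, fixed revision for the same branch or None)."""
    fw = firmware.strip().lstrip("Vv")
    m = re.fullmatch(r"(\d+\.\d{2})[.-](\d+)", fw)
    branch, build = (m.group(1), m.group(2)) if m else (None, "")
    target = f"{branch}-{FIXED[branch][0]}" if branch in FIXED else None
    # Advisory: terminals running OS 2.31 or greater are not affected.
    # Assumption: the OS version compares as numeric major.minor.
    if os_version and tuple(int(p) for p in os_version.split(".")) >= (2, 31):
        return ("not-affected-os", None)
    if fw in AFFECTED:
        return ("affected", target)  # target is None for 6.x: no fix listed here
    if target and len(build) == 8:
        date, or_later = FIXED[branch]
        if int(build) == date or (or_later and int(build) > date):
            return ("fixed", None)
    return ("unlisted", target)  # not named on this page: check the vendor advisory

# Constructed sample inventory (hostnames and values are made up for the example).
INVENTORY = [
    ("hmi-line1", "V7.00-20140621", None),
    ("hmi-line2", "8.10-20160101", None),
    ("hmi-pump3", "6.00.42", None),
    ("hmi-pack4", "7.00-20130108", "2.31"),
    ("hmi-mix5", "8.20-20150101", None),
]

def report(inventory=INVENTORY):
    return {host: triage(fw, os_v) for host, fw, os_v in inventory}

if __name__ == "__main__":
    for host, (status, target) in report().items():
        print(f"{host:10} {status:16} {target or '-'}")
```

A result of `unlisted` means only that the revision is neither on this page's affected list nor at a listed fixed revision; it is not a statement that the device is safe.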