CVE-2017-7914

Published Jun 14, 2017

Last updated 5 years ago

CVSS high 8.6

Overview

Description: A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429, 7.00-20140621, 7.00-20140729, 7.00-20141022, 8.00-20140730, and 8.00-20141023. There is no authorization check when connecting to the device, allowing an attacker remote access.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.6
Impact score: 4.7
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-862
ics-cert@hq.dhs.gov: CWE-882

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:6.00-20140306:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7EBA0A2-F6F2-4DF0-8FAC-37E5C6768734"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:6.00.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7498C8EB-B040-4B5E-BB67-630986C417E7"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:6.00.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DC3FD03-CA9F-427D-B8AB-2280A60738B6"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:6.00.42:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7522CC96-D5E9-41AF-95AB-876303767B1B"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:6.10-20140122:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B07AC6A-EFDA-4CC5-937C-6CAD73B3A1C2"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:6.10.20121012:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00391FDB-1094-4FB3-9938-9DEDB1045AD9"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:7.00-20121012:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "374DABE1-5D77-4EE3-853A-9FF5AD820861"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:7.00-20130108:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "031AD257-1BE1-4061-BC6D-1AA0741C99EC"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:7.00-20130325:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F9743D5-67E5-4DA5-BFDB-E42CD73A8306"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:7.00-20130619:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C4A0042-86AF-4BB9-9114-F19777F6312A"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:7.00-20140128:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78DDD0D2-E7F6-43A9-99A6-6D12B153BB1D"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:7.00-20140310:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48CAEE93-3120-4F22-8BE0-46195D489015"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:7.00-20140429:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F58A9CCD-3C23-4D1C-815E-C9D107F47B76"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:7.00-20140621:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "214CB7C5-6241-4589-AA91-014E334FFB41"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:7.00-20140729:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46DC9731-1EA9-4354-959E-494905A45963"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:7.00-20141022:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F3DB916-F40E-4F80-9B28-0CB573585E1D"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:8.00-20140730:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94994F4E-0F1D-46FC-A7B2-462838BA4DFD"
          },
          {
            "criteria": "cpe:2.3:o:rockwellautomation:panelview_plus_6_700-1500_firmware:8.00-20141023:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C8CD419-33AB-43C0-836F-8CC4AFD5F6FE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:panelview_plus_6_700-1500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B3064E9-5257-4D66-A127-E30944447752"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References