An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions, and in Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. There are no penalties for repeatedly entering incorrect passwords.
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
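The weakness is that a wrong password costs the attacker nothing: no delay, no lockout, no counter. That is what makes the exhaustive search of the CAPEC-49 pattern listed further down practical against an online target. The following Python model, added here as an example and not taken from Rockwell Automation firmware or from any advisory, puts the vulnerable behaviour beside a throttled authenticator and runs the same exhaustive search against both. The `Unthrottled` and `Throttled` classes, the per-source state keyed on a constructed address, the four-digit sample password and the 50 guesses/second rate are all assumptions made for the illustration.

```python
"""Model of CWE-307 on a password-gated controller (added example).

`Unthrottled` answers every guess immediately, the behaviour the advisory
describes: no penalty for repeated wrong passwords.  `Throttled` keeps a
per-source failure counter and imposes a capped exponential lockout.  A
CAPEC-49 style exhaustive search is run against both so the cost difference
can be measured.  None of this is Rockwell firmware; the class names, the
'source' key, the sample password '7319' and the 50 guesses/second rate are
constructed for illustration.
"""
import hmac
import itertools
import string


class Unthrottled:
    """Vulnerable: every guess is checked and answered, a fast yes/no oracle."""

    def __init__(self, password):
        self.password = password
        self.attempts = 0  # guesses actually compared against the password

    def login(self, source, guess, now):
        self.attempts += 1
        # compare_digest closes the timing side channel; it does nothing
        # against online guessing, which only a lockout or back-off slows down.
        return "granted" if hmac.compare_digest(guess, self.password) else "denied"

    def wait_until(self, source):
        return 0.0  # never locks


class Throttled(Unthrottled):
    """Mitigated: after max_failures wrong guesses from a source, refuse that
    source for base_lockout * 2**k seconds (k = failures beyond the limit),
    capped at max_lockout.  A locked request is rejected before the password
    is compared, so it leaks nothing and is not counted as an attempt."""

    def __init__(self, password, max_failures=5, base_lockout=30.0, max_lockout=3600.0):
        super().__init__(password)
        self.max_failures = max_failures
        self.base_lockout = base_lockout
        self.max_lockout = max_lockout
        self.state = {}  # source -> [failures, locked_until]

    def wait_until(self, source):
        return self.state.get(source, [0, 0.0])[1]

    def login(self, source, guess, now):
        failures, locked_until = self.state.get(source, [0, 0.0])
        if now < locked_until:
            return "locked"
        result = super().login(source, guess, now)
        if result == "granted":
            self.state.pop(source, None)  # a correct login clears the counter
            return result
        failures += 1
        if failures >= self.max_failures:
            k = min(failures - self.max_failures, 10)  # 30s * 2**10 already exceeds the cap
            locked_until = now + min(self.base_lockout * 2 ** k, self.max_lockout)
        self.state[source] = [failures, locked_until]
        return result


def keyspace(alphabet_size, max_len):
    """Number of candidate passwords of length 1..max_len over the alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def brute_force(auth, alphabet, max_len, source="10.0.0.5", rate=50.0):
    """Try every password of length 1..max_len in order (CAPEC-49), one guess
    every 1/rate seconds, sleeping through any lockout the target imposes.
    Returns (password_found, attempts_checked, simulated_seconds)."""
    now = 0.0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            guess = "".join(chars)
            result = auth.login(source, guess, now)
            while result == "locked":
                now = auth.wait_until(source)  # wait out the lockout, then retry
                result = auth.login(source, guess, now)
            now += 1.0 / rate
            if result == "granted":
                return guess, auth.attempts, now
    return None, auth.attempts, now


def compare(password="7319", alphabet=string.digits, max_len=4):
    """Run the same exhaustive search against both authenticators."""
    results = {}
    for name, auth in (("unthrottled", Unthrottled(password)),
                       ("throttled", Throttled(password))):
        found, attempts, seconds = brute_force(auth, alphabet, max_len)
        results[name] = {"found": found, "attempts": attempts, "seconds": seconds}
    return results


if __name__ == "__main__":
    print("keyspace (digits, length <= 4):", keyspace(len(string.digits), 4))
    for name, r in compare().items():
        print(f"{name:12s} found={r['found']} attempts={r['attempts']} "
              f"time={r['seconds']:.1f}s ({r['seconds'] / 86400:.1f} days)")
```

Running it shows that the same 8,430 guesses that finish in under three minutes against the unthrottled target take close to a year once a capped exponential lockout is in place, and that while locked the controller does not even compare the password, so a correct guess made during a lockout is refused and leaks nothing. The counter here is per source; an attacker who spreads guesses across many sources (the CAPEC-565 and CAPEC-600 patterns listed on this page) defeats that, so a device protected by a single password should also keep a device-wide counter, and each lockout should be logged so the attempts are visible to whoever monitors the control network.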
CWE-307 (Improper Restriction of Excessive Authentication Attempts): https://cwe.mitre.org/data/definitions/307.html

Related attack patterns (CAPEC):

CAPEC-16 (Dictionary-based Password Attack): https://capec.mitre.org/data/definitions/16.html

CAPEC-49 (Password Brute Forcing): https://capec.mitre.org/data/definitions/49.html
An adversary tries every possible value for a password until one succeeds. A brute-force attack, where computationally feasible, eventually always succeeds, because it enumerates every password that can be formed from the alphabet in use (lower-case letters, upper-case letters, digits, symbols, etc.) up to the maximum password length.

CAPEC-560 (Use of Known Domain Credentials): https://capec.mitre.org/data/definitions/560.html

CAPEC-565 (Password Spraying): https://capec.mitre.org/data/definitions/565.html

CAPEC-600 (Credential Stuffing): https://capec.mitre.org/data/definitions/600.html

CAPEC-652 (Use of Known Kerberos Credentials): https://capec.mitre.org/data/definitions/652.html
An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. a Kerberos service account userID/password or Kerberos tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain.

CAPEC-653 (Use of Known Operating System Credentials): https://capec.mitre.org/data/definitions/653.html
An adversary guesses or obtains (i.e. steals or purchases) legitimate operating system credentials (e.g. userID/password) to achieve authentication and perform authorized actions on the system, under the guise of an authenticated user or service. This applies to any operating system.

| Product | Vendor | Status |
|---|---|---|
| 1763-l16awa_series_a | * | Tracked |
| 1763-l16awa_series_b | * | Tracked |
| 1763-l16bbb_series_a | * | Tracked |
| 1763-l16bbb_series_b | * | Tracked |
| 1763-l16bwa_series_a | * | Tracked |
| 1763-l16bwa_series_b | * | Tracked |
| 1763-l16dwd_series_a | * | Tracked |
| 1763-l16dwd_series_b | * | Tracked |
| 1766-l32awa_series_a | * | Tracked |
| 1766-l32awa_series_b | * | Tracked |
| 1766-l32awaa_series_a | * | Tracked |
| 1766-l32awaa_series_b | * | Tracked |
| 1766-l32bwa_series_a | * | Tracked |
| 1766-l32bwa_series_b | * | Tracked |
| 1766-l32bwaa_series_a | * | Tracked |
| 1766-l32bwaa_series_b | * | Tracked |
| 1766-l32bxb_series_a | * | Tracked |
| 1766-l32bxb_series_b | * | Tracked |
| 1766-l32bxba_series_a | * | Tracked |
| 1766-l32bxba_series_b | * | Tracked |