CVE-2017-7914 Information

Description

A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04 6.00.05 6.00.42 6.00-20140306 6.10.20121012 6.10-20140122 7.00-20121012 7.00-20130108 7.00-20130325 7.00-20130619 7.00-20140128 7.00-20140310 7.00-20140429 7.00-20140621 7.00-20140729 7.00-20141022 8.00-20140730 and 8.00-20141023. There is no authorization check when connecting to the device allowing an attacker remote access.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-17-157-01

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

HIGH

Base Severity

8.6