PatchSiren cyber security CVE debrief
CVE-2016-9334 Rockwellautomation CVE debrief
CVE-2016-9334 describes a credential exposure issue in Rockwell Automation controller web interfaces. According to the NVD record, user credentials are transmitted to the web server in clear text, so anyone able to observe traffic between the browser and the controller may recover those credentials. NVD rates the issue 7.3 HIGH and lists affected MicroLogix 1100 models (and additional 1766-L32 variants) at or below the specified firmware versions.
- Vendor: Rockwellautomation
- Product: CVE-2016-9334
- CVSS: HIGH 7.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-13
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-13
- Advisory updated: 2026-05-13
Who should care
Industrial control system operators, OT network defenders, plant engineers, and anyone administering the affected Rockwell Automation controllers or their web interfaces should treat this as sensitive because credentials can be exposed on the network.
Technical summary
The vulnerability is an information-disclosure problem in the controller’s web interface flow: credentials are sent without transport protection, allowing passive network observers to capture them. NVD assigns CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, reflecting that exploitation requires only network visibility and no authentication. The supplied NVD data lists Rockwell Automation 1763-L16AWA, 1763-L16BBB, 1763-L16BWA, and 1763-L16DWD Series A/B up to Version 14.000, plus several 1766-L32 Series A/B variants up to Version 15.004.
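An inventory triage against the affected models and firmware ceilings listed above, as an added example that is not part of the NVD record or any vendor tooling. The inventory rows, asset tags, status names and the prefix match for the 1766-L32 family are assumptions made for illustration.

```python
import re

# Affected ranges as stated on this page (NVD data): model pattern, highest
# affected firmware. The page does not enumerate the 1766-L32 variants, so the
# prefix match is an assumption that over-reports rather than under-reports.
AFFECTED = [
    (re.compile(r"^1763-L16(AWA|BBB|BWA|DWD)$"), (14, 0)),
    (re.compile(r"^1766-L32"), (15, 4)),
]
LISTED_SERIES = {"A", "B"}

# Constructed sample inventory: (asset tag, catalog number, series, firmware).
INVENTORY = [
    ("PLC-01", "1763-L16BWA", "B", "9.000"),
    ("PLC-02", "1766-l32bwa", "A", "15.004"),
    ("PLC-03", "1766-L32AWA", "B", "16.000"),
    ("PLC-04", "1763-L16AWA", "A", ""),
    ("PLC-05", "1763-L16DWD", "C", "12.000"),
    ("HMI-01", "EXAMPLE-HMI", "A", "1.000"),
]


def parse_version(text):
    """Turn '14.000' into (14, 0) so versions compare numerically."""
    if not re.fullmatch(r"\d+(\.\d+)*", text.strip()):
        return None
    return tuple(int(part) for part in text.strip().split("."))


def triage(catalog, series, firmware):
    """Classify one row: affected, above-range, verify or not-listed."""
    catalog = catalog.strip().upper()
    for pattern, max_version in AFFECTED:
        if not pattern.match(catalog):
            continue
        version = parse_version(firmware)
        if version is None or series.strip().upper() not in LISTED_SERIES:
            return "verify"  # model matches, but firmware or series is unknown/unlisted
        return "affected" if version <= max_version else "above-range"
    return "not-listed"


def report(inventory=INVENTORY):
    """Map each asset tag to its triage status."""
    return {tag: triage(cat, ser, fw) for tag, cat, ser, fw in inventory}


if __name__ == "__main__":
    print(report())
```

Versions are compared as integer tuples because a plain string comparison would rank "9.000" above "14.000" and miss PLC-01. The "above-range" status only means the firmware is newer than the highest version listed here; confirm remediation status against the vendor advisory.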
Defensive priority
High for environments where these controllers are reachable on shared or untrusted networks, or where web access traverses segments that are not tightly controlled. The risk is lower if access is fully isolated and monitored, but the credential exposure still merits remediation planning.
Recommended defensive actions
- Restrict access to the controller web interface to trusted administrative networks only.
- Avoid sending controller credentials across untrusted or shared network paths.
- Segment OT and IT networks so traffic to these devices is not broadly observable.
- Use the vendor advisory and official guidance to confirm whether a firmware or configuration remediation exists for each affected model.
- Review whether the web interface is needed at all; disable or limit it if operationally possible and approved.
- Monitor for unauthorized use of controller web accounts and rotate any credentials that may have traversed insecure paths.
Evidence notes
The supplied NVD description states that user credentials are sent to the web server in clear text and may be discovered if an attacker can observe traffic between the browser and server. The NVD metadata lists affected Rockwell Automation CPEs for 1763-L16AWA, 1763-L16BBB, 1763-L16BWA, 1763-L16DWD Series A/B up to Version 14.000, and additional 1766-L32 family variants up to Version 15.004. References in the record point to ICS-CERT advisory ICSA-16-336-06 and SecurityFocus BID 95302.
Official resources
- CVE-2016-9334 CVE record (CVE.org)
- CVE-2016-9334 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Third Party Advisory, VDB Entry)
- Mitigation or vendor reference ([email protected] - Third Party Advisory, US Government Resource)
Publicly published in the CVE record and NVD on 2017-02-13; the supplied NVD record was last modified on 2026-05-13. The record references ICS-CERT advisory ICSA-16-336-06 as a related official advisory source.