Vulnerability Note VU#882619
Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge cross-site scripting vulnerability
The Rockwell ControlLogix 1756-ENBT/A EtherNet/IP Bridge web interface contains a cross-site scripting vulnerability that may allow an attacker to spoof data or redirect end users to other sites.
The Rockwell Logix Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge uses a web interface to display log files and status information. This web interface contains multiple cross-site scripting vulnerabilities. To exploit these issues, an attacker would need to convince an operator to open a specially crafted URL.
Refer to Rockwell Automation's vendor statement for information about how to obtain product firmware to mitigate this vulnerability: KB#57729
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Rockwell Automation | Affected | - | 12 May 2011 |
Thanks to Daniel Peck of Digital Bond, Inc. for reporting this issue.
This document was written by Ryan Giobbi.
- CVE IDs: Unknown
- Date Public: 01 Feb 2009
- Date First Published: 05 Feb 2009
- Date Last Updated: 12 May 2011
- Severity Metric: 0.05
- Document Revision: 60