Vulnerability Note VU#619499
Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge URL redirection vulnerability
The Rockwell ControlLogix 1756-ENBT/A EtherNet/IP Bridge web interface contains a URL redirection vulnerability.
The Rockwell Logix Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge uses a web interface to display log files and status information. This web interface contains a URL redirection vulnerability. To exploit this issue, an attacker would need to convince an operator to open a specially crafted URL.
An attacker may be able to redirect a user's browser to another website.
We are currently unaware of a practical solution to this problem. Until updated firmware is available, we recommend that administrators implement the workaround below.
Do not allow remote access
Systems Affected
|Vendor|Status|Date Notified|Date Updated|
|Rockwell Automation|Affected|-|05 Feb 2009|
CVSS Metrics
Thanks to Daniel Peck of Digital Bond, Inc. for reporting this issue.
This document was written by Ryan Giobbi.
- CVE IDs: Unknown
- Date Public: 01 Feb 2009
- Date First Published: 05 Feb 2009
- Date Last Updated: 11 Jan 2010
- Severity Metric: 0.21
- Document Revision: 36