The Rockwell ControlLogix 1756-ENBT/A EtherNet/IP Bridge web interface contains a cross-site scripting vulnerability that may allow an attacker to spoof data or redirect end users to other sites.
The Rockwell Logix Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge uses a web interface to display log files and status information. This web interface contains multiple cross-site scripting vulnerabilities. To exploit these issues, an attacker would need to convince an operator to open a specially crafted URL.
Refer to Rockwell Automation's vendor statement for information about how to obtain product firmware to mitigate this vulnerability: KB#57729
Thanks to Daniel Peck of Digital Bond, Inc. for reporting this issue.
This document was written by Ryan Giobbi.
Date First Published: 2009-02-05
Date Last Updated: 2011-05-12 18:24 UTC