Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-2279

Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published

2016-03-02T11:59:03.723

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	rockwellautomation	compactlogix_1769-l16er-bb1b_firmware	≤ 27.011	Yes
Hardware	rockwellautomation	compactlogix_1769-l16er-bb1b	-	No
Operating System	rockwellautomation	compactlogix_1769-l18er-bb1b_firmware	≤ 27.011	Yes
Hardware	rockwellautomation	compactlogix_1769-l18er-bb1b	-	No
Operating System	rockwellautomation	compactlogix_1769-l18erm-bb1b_firmware	≤ 27.011	Yes
Hardware	rockwellautomation	compactlogix_1769-l18erm-bb1b	-	No
Operating System	rockwellautomation	compactlogix_1769-l24er-qb1b_firmware	≤ 27.011	Yes
Hardware	rockwellautomation	compactlogix_1769-l24er-qb1b	-	No
Operating System	rockwellautomation	compactlogix_1769-l24er-qbfc1b_firmware	≤ 27.011	Yes
Hardware	rockwellautomation	compactlogix_1769-l24er-qbfc1b	-	No
Operating System	rockwellautomation	compactlogix_1769-l27erm-qbfc1b_firmware	≤ 27.011	Yes
Hardware	rockwellautomation	compactlogix_1769-l27erm-qbfc1b	-	No
Operating System	rockwellautomation	compactlogix_1769-l30er_firmware	≤ 27.011	Yes
Hardware	rockwellautomation	compactlogix_1769-l30er	-	No
Operating System	rockwellautomation	compactlogix_1769-l30erm_firmware	≤ 27.011	Yes
Hardware	rockwellautomation	compactlogix_1769-l30erm	-	No
Operating System	rockwellautomation	compactlogix_1769-l30er-nse_firmware	≤ 27.011	Yes
Hardware	rockwellautomation	compactlogix_1769-l30er-nse	-	No
Operating System	rockwellautomation	compactlogix_1769-l33er_firmware	≤ 27.011	Yes
Hardware	rockwellautomation	compactlogix_1769-l33er	-	No
Operating System	rockwellautomation	compactlogix_1769-l33erm_firmware	≤ 27.011	Yes
Hardware	rockwellautomation	compactlogix_1769-l33erm	-	No
Operating System	rockwellautomation	compactlogix_1769-l36erm_firmware	≤ 27.011	Yes
Hardware	rockwellautomation	compactlogix_1769-l36erm	-	No
Operating System	rockwellautomation	compactlogix_1769-l23e-qb1b_firmware	≤ 20.018	Yes
Hardware	rockwellautomation	compactlogix_1769-l23e-qb1b	-	No
Operating System	rockwellautomation	compactlogix_1769-l23e-qbfc1b_firmware	≤ 20.018	Yes
Hardware	rockwellautomation	compactlogix_1769-l23e-qbfc1b	-	No
Operating System	rockwellautomation	compactlogix_1756-en2f_series_a_firmware	*	Yes
Hardware	rockwellautomation	compactlogix_1756-en2f_series_a	-	No
Operating System	rockwellautomation	compactlogix_1756-en2f_series_b_firmware	*	Yes
Hardware	rockwellautomation	compactlogix_1756-en2f_series_b	-	No
Operating System	rockwellautomation	compactlogix_1756-en2t_series_a_firmware	*	Yes
Hardware	rockwellautomation	compactlogix_1756-en2t_series_a	-	No
Operating System	rockwellautomation	compactlogix_1756-en2t_series_b_firmware	*	Yes
Hardware	rockwellautomation	compactlogix_1756-en2t_series_b	-	No
Operating System	rockwellautomation	compactlogix_1756-en2t_series_c_firmware	*	Yes
Hardware	rockwellautomation	compactlogix_1756-en2t_series_c	-	No
Operating System	rockwellautomation	compactlogix_1756-en2t_series_d_firmware	≤ 10.007	Yes
Hardware	rockwellautomation	compactlogix_1756-en2t_series_d	-	No
Operating System	rockwellautomation	compactlogix_1756-en2tr_series_a_firmware	*	Yes
Hardware	rockwellautomation	compactlogix_1756-en2tr_series_a	-	No
Operating System	rockwellautomation	compactlogix_1756-en2tr_series_b_firmware	*	Yes
Hardware	rockwellautomation	compactlogix_1756-en2tr_series_b	-	No
Operating System	rockwellautomation	compactlogix_1756-en3tr_series_a_firmware	*	Yes
Hardware	rockwellautomation	compactlogix_1756-en3tr_series_a	-	No

References

http://www.securitytracker.com/id/1035190 Broken Link, Third Party Advisory, VDB Entry ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02 Third Party Advisory, US Government Resource ([email protected])
https://www.exploit-db.com/exploits/44626/ Exploit, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1035190 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44626/ Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)