CVE-2016-2279
Last modified
CVE-2016-2279 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.. EPSS estimates a 7.53% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | Compactlogix 1769-L16er-Bb1b Firmware | <= 27.011 |
| Rockwellautomation | Compactlogix 1769-L18er-Bb1b Firmware | <= 27.011 |
| Rockwellautomation | Compactlogix 1769-L18erm-Bb1b Firmware | <= 27.011 |
| Rockwellautomation | Compactlogix 1769-L24er-Qb1b Firmware | <= 27.011 |
| Rockwellautomation | Compactlogix 1769-L24er-Qbfc1b Firmware | <= 27.011 |
| Rockwellautomation | Compactlogix 1769-L27erm-Qbfc1b Firmware | <= 27.011 |
| Rockwellautomation | Compactlogix 1769-L30er Firmware | <= 27.011 |
| Rockwellautomation | Compactlogix 1769-L30erm Firmware | <= 27.011 |
| Rockwellautomation | Compactlogix 1769-L30er-Nse Firmware | <= 27.011 |
| Rockwellautomation | Compactlogix 1769-L33er Firmware | <= 27.011 |
| Rockwellautomation | Compactlogix 1769-L33erm Firmware | <= 27.011 |
| Rockwellautomation | Compactlogix 1769-L36erm Firmware | <= 27.011 |
| Rockwellautomation | Compactlogix 1769-L23e-Qb1b Firmware | <= 20.018 |
| Rockwellautomation | Compactlogix 1769-L23e-Qbfc1b Firmware | <= 20.018 |
| Rockwellautomation | Compactlogix 1756-En2f Series A Firmware | All versions |
| Rockwellautomation | Compactlogix 1756-En2f Series B Firmware | All versions |
| Rockwellautomation | Compactlogix 1756-En2t Series A Firmware | All versions |
| Rockwellautomation | Compactlogix 1756-En2t Series B Firmware | All versions |
| Rockwellautomation | Compactlogix 1756-En2t Series C Firmware | All versions |
| Rockwellautomation | Compactlogix 1756-En2t Series D Firmware | <= 10.007 |
| Rockwellautomation | Compactlogix 1756-En2tr Series A Firmware | All versions |
| Rockwellautomation | Compactlogix 1756-En2tr Series B Firmware | All versions |
| Rockwellautomation | Compactlogix 1756-En3tr Series A Firmware | All versions |
References
- http://www.securitytracker.com/id/1035190Broken Link, Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02Third Party Advisory, US Government Resource
- https://www.exploit-db.com/exploits/44626/Exploit, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1035190Broken Link, Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02Third Party Advisory, US Government Resource
- https://www.exploit-db.com/exploits/44626/Exploit, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-2279?
How severe is CVE-2016-2279?
How do I fix CVE-2016-2279?
Are you affected by CVE-2016-2279?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST