CVE-2016-2279

Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Link Resource
http://www.securitytracker.com/id/1035190 Broken Link Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02 Third Party Advisory US Government Resource
https://www.exploit-db.com/exploits/44626/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l16er-bb1b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l16er-bb1b:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l18er-bb1b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l18er-bb1b:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l18erm-bb1b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l18erm-bb1b:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l24er-qb1b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l24er-qb1b:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l24er-qbfc1b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l24er-qbfc1b:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l27erm-qbfc1b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l27erm-qbfc1b:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l30er_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l30er:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l30erm_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l30erm:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l30er-nse_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l30er-nse:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l33er_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l33er:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l33erm_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l33erm:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l36erm_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l36erm:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l23e-qb1b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l23e-qb1b:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l23e-qbfc1b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l23e-qbfc1b:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1756-en2f_series_a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1756-en2f_series_a:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1756-en2f_series_b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1756-en2f_series_b:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1756-en2t_series_a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1756-en2t_series_a:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1756-en2t_series_b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1756-en2t_series_b:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1756-en2t_series_c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1756-en2t_series_c:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1756-en2t_series_d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1756-en2t_series_d:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1756-en2tr_series_a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1756-en2tr_series_a:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1756-en2tr_series_b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1756-en2tr_series_b:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1756-en3tr_series_a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1756-en3tr_series_a:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-03-02 11:59

Updated : 2024-02-28 15:21


NVD link : CVE-2016-2279

Mitre link : CVE-2016-2279

CVE.ORG link : CVE-2016-2279


JSON object : View

Products Affected

rockwellautomation

  • compactlogix_1756-en2t_series_d
  • compactlogix_1756-en2t_series_a_firmware
  • compactlogix_1769-l18erm-bb1b_firmware
  • compactlogix_1769-l23e-qb1b_firmware
  • compactlogix_1756-en2t_series_c
  • compactlogix_1769-l23e-qbfc1b_firmware
  • compactlogix_1769-l33erm_firmware
  • compactlogix_1769-l23e-qb1b
  • compactlogix_1756-en2t_series_d_firmware
  • compactlogix_1769-l27erm-qbfc1b
  • compactlogix_1769-l24er-qbfc1b_firmware
  • compactlogix_1756-en2f_series_a_firmware
  • compactlogix_1756-en2f_series_b
  • compactlogix_1769-l24er-qbfc1b
  • compactlogix_1756-en2tr_series_a_firmware
  • compactlogix_1769-l16er-bb1b_firmware
  • compactlogix_1756-en2f_series_b_firmware
  • compactlogix_1769-l30erm_firmware
  • compactlogix_1769-l24er-qb1b
  • compactlogix_1769-l36erm_firmware
  • compactlogix_1769-l30er_firmware
  • compactlogix_1756-en2t_series_b_firmware
  • compactlogix_1769-l18er-bb1b
  • compactlogix_1756-en2tr_series_b_firmware
  • compactlogix_1769-l33er_firmware
  • compactlogix_1769-l30er-nse_firmware
  • compactlogix_1769-l33er
  • compactlogix_1769-l18erm-bb1b
  • compactlogix_1769-l23e-qbfc1b
  • compactlogix_1756-en3tr_series_a
  • compactlogix_1769-l30er-nse
  • compactlogix_1769-l16er-bb1b
  • compactlogix_1769-l18er-bb1b_firmware
  • compactlogix_1769-l30erm
  • compactlogix_1756-en2tr_series_a
  • compactlogix_1769-l36erm
  • compactlogix_1756-en2f_series_a
  • compactlogix_1769-l30er
  • compactlogix_1756-en2t_series_a
  • compactlogix_1756-en2t_series_b
  • compactlogix_1769-l24er-qb1b_firmware
  • compactlogix_1756-en2tr_series_b
  • compactlogix_1756-en3tr_series_a_firmware
  • compactlogix_1769-l27erm-qbfc1b_firmware
  • compactlogix_1769-l33erm
  • compactlogix_1756-en2t_series_c_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')