Rockwell Automation 1756-ENBT/A Multiple Cross-Site Scripting

Severity: Medium. Nessus Network Monitor Plugin ID 720206

Synopsis

Rockwell Automation 1756-ENBT/A allows a remote attacker to inject arbitrary web script or HTML via unspecified vectors.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Solution

Perform the vendor-recommended mitigations and apply available vendor upgrades.

See Also

http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729

Plugin Details

Severity: Medium

ID: 720206

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Patch Publication Date: 2/6/2009

Vulnerability Publication Date: 2/6/2009

Reference Information

CVE: CVE-2009-0472

BID: 33638