Micrologix 1100 Firmware
CVE-2015-6486
MEDIUM
Severity by source
AV:N/AC:L/Au:S/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:S/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
AnalysisAI
SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Affected products include: Rockwellautomation Micrologix 1100 Firmware, Rockwellautomation Micrologix 1400 Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Micrologix 1100 Firmware
View allRockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Cont
Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted c
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Cont
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Cont
Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerabili
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in th
Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that
Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000
Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticate
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Cont
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today