Skip to main content

Micrologix 1100 Firmware CVE-2015-6486

MEDIUM
SQL Injection (CWE-89)
2015-10-28 ics-cert@hq.dhs.gov
6.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Oct 28, 2015 - 10:59 cve.org
MEDIUM 6.5

DescriptionCVE.org

SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

AnalysisAI

SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Affected products include: Rockwellautomation Micrologix 1100 Firmware, Rockwellautomation Micrologix 1400 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2020-6990 CRITICAL
9.8 Mar 16

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Cont

CVE-2021-33012 HIGH
8.6 Jul 09

Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted c

CVE-2020-6984 HIGH
7.5 Mar 16

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Cont

CVE-2020-6988 HIGH
7.5 Mar 16

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Cont

CVE-2022-3166 HIGH
7.5 Dec 16

Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerabili

CVE-2019-10955 MEDIUM
6.1 Apr 25

In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100

CVE-2022-2179 MEDIUM
6.5 Jul 20

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in th

CVE-2022-46670 MEDIUM
6.1 Dec 16

Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that

CVE-2015-6488 MEDIUM
4.3 Oct 28

Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000

CVE-2015-6491 MEDIUM
4.0 Oct 28

Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticate

CVE-2020-6980 LOW
3.3 Mar 16

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Cont

Share

CVE-2015-6486 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy