Skip to main content

Micrologix 1100 Firmware CVE-2015-6488

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2015-10-28 ics-cert@hq.dhs.gov
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 28, 2015 - 10:59 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AnalysisAI

Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected products include: Rockwellautomation Micrologix 1100 Firmware, Rockwellautomation Micrologix 1400 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2020-6990 CRITICAL
9.8 Mar 16

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Cont

CVE-2021-33012 HIGH
8.6 Jul 09

Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted c

CVE-2020-6984 HIGH
7.5 Mar 16

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Cont

CVE-2020-6988 HIGH
7.5 Mar 16

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Cont

CVE-2022-3166 HIGH
7.5 Dec 16

Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerabili

CVE-2019-10955 MEDIUM
6.1 Apr 25

In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100

CVE-2015-6486 MEDIUM
6.5 Oct 28

SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 1

CVE-2022-2179 MEDIUM
6.5 Jul 20

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in th

CVE-2022-46670 MEDIUM
6.1 Dec 16

Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that

CVE-2015-6491 MEDIUM
4.0 Oct 28

Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticate

CVE-2020-6980 LOW
3.3 Mar 16

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Cont

Share

CVE-2015-6488 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy