Details of VAR-200902-0037

ID

VAR-200902-0037

CVE

CVE-2009-0473

TITLE

Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge URL redirection vulnerability

Trust: 0.8

sources: CERT/CC: VU#619499

DESCRIPTION

Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rockwell Logix Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Uses a web interface to display log files and status information. This web interface includes URL A redirection vulnerability exists.An attacker could be redirected to a different page than the user tried to access with a web browser. This may help the attacker steal cookie-based authentication credentials and launch other attacks. An attacker can exploit this issue to cause a victim's browser to redirect to a malicious site. Successfully exploiting this issue may aid in phishing attacks. Automation ControlLogix is an industrial automation control system developed by Rockwell. ---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: ControlLogix 1756-ENTB/A Ethernet/IP Bridge Vulnerabilities SECUNIA ADVISORY ID: SA33783 VERIFY ADVISORY: http://secunia.com/advisories/33783/ CRITICAL: Less critical IMPACT: Cross Site Scripting, Exposure of sensitive information WHERE: >From remote OPERATING SYSTEM: ControlLogix 1756-ENTB/A Ethernet/IP Bridge http://secunia.com/advisories/product/21337/ DESCRIPTION: Some vulnerabilities and a weakness have been reported in ControlLogix 1756-ENTB/A Ethernet/IP Bridge, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose potentially sensitive information. 2) An unspecified error in the web interface can be exploited to disclose potentially sensitive internal web page information. SOLUTION: A fixed firmware version is scheduled for release July, 2009. Filter malicious characters and character sequences in a proxy. PROVIDED AND/OR DISCOVERED BY: 1) US-CERT credits Daniel Peck of Digital Bond, Inc. 2) Reported by the vendor. ORIGINAL ADVISORY: US-CERT VU#882619: http://www.kb.cert.org/vuls/id/882619 Rockwell Automation: http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.05

sources: NVD: CVE-2009-0473 // CERT/CC: VU#619499 // CERT/CC: VU#882619 // JVNDB: JVNDB-2009-001052 // BID: 33638 // BID: 33636 // IVD: b37bf918-23cc-11e6-abef-000c29c66e3d // VULHUB: VHN-37919 // VULMON: CVE-2009-0473 // PACKETSTORM: 74765

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.2

sources: IVD: b37bf918-23cc-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor:	rockwell automation	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	rockwellautomation	model:	controllogix 1756-enbt\/a ethernet\/ ip bridge	scope:	eq	version:	-	Trust: 1.6
vendor:	rockwell automation	model:	logix automation controllogix 1756-enbt/a ethernet/ip bridge	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell	model:	automation controllogix 1756-enbt/a ethernet/ip bridge	scope:	eq	version:	0	Trust: 0.6
vendor:	controllogix 1756 enbt a ethernet ip bridge	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: b37bf918-23cc-11e6-abef-000c29c66e3d // CERT/CC: VU#619499 // CERT/CC: VU#882619 // BID: 33638 // BID: 33636 // JVNDB: JVNDB-2009-001052 // CNNVD: CNNVD-200902-140 // NVD: CVE-2009-0473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-0473
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#619499
value:	0.21
Trust: 0.8
CARNEGIE MELLON:	VU#882619
value:	0.05
Trust: 0.8
NVD:	CVE-2009-0473
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200902-140
value:	MEDIUM
Trust: 0.6
IVD:	b37bf918-23cc-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-37919
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2009-0473
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-0473
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
IVD:	b37bf918-23cc-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-37919
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: b37bf918-23cc-11e6-abef-000c29c66e3d // CERT/CC: VU#619499 // CERT/CC: VU#882619 // VULHUB: VHN-37919 // VULMON: CVE-2009-0473 // JVNDB: JVNDB-2009-001052 // CNNVD: CNNVD-200902-140 // NVD: CVE-2009-0473

PROBLEMTYPE DATA

problemtype:

CWE-59

Trust: 1.9

sources: VULHUB: VHN-37919 // JVNDB: JVNDB-2009-001052 // NVD: CVE-2009-0473

THREAT TYPE

network

Trust: 0.6

sources: BID: 33638 // BID: 33636

TYPE

Post link

Trust: 0.8

sources: IVD: b37bf918-23cc-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200902-140

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001052

PATCH

title:	ControlLogix 1756-ENTB/A Ethernet/IP Bridge - Potential Security Vulnerabilities	url:	http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729	Trust: 0.8
title:	Reference Architectures for Manufacturing from Rockwell Automation	url:	http://www.ab.com/networks/architectures.html	Trust: 0.8
title:	CVE-2009-0473	url:	https://github.com/akbarq/CVE-2009-0473	Trust: 0.1
title:	-	url:	https://github.com/akbarq/CVE-2009-0473-check	Trust: 0.1

sources: VULMON: CVE-2009-0473 // JVNDB: JVNDB-2009-001052

EXTERNAL IDS

db:	CERT/CC	id:	VU#619499	Trust: 3.7
db:	BID	id:	33636	Trust: 2.9
db:	NVD	id:	CVE-2009-0473	Trust: 2.8
db:	SECUNIA	id:	33783	Trust: 2.8
db:	VUPEN	id:	ADV-2009-0347	Trust: 2.6
db:	CERT/CC	id:	VU#882619	Trust: 1.2
db:	CNNVD	id:	CNNVD-200902-140	Trust: 0.8
db:	JVNDB	id:	JVNDB-2009-001052	Trust: 0.8
db:	BID	id:	33638	Trust: 0.3
db:	IVD	id:	B37BF918-23CC-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-37919	Trust: 0.1
db:	VULMON	id:	CVE-2009-0473	Trust: 0.1
db:	PACKETSTORM	id:	74765	Trust: 0.1

sources: IVD: b37bf918-23cc-11e6-abef-000c29c66e3d // CERT/CC: VU#619499 // CERT/CC: VU#882619 // VULHUB: VHN-37919 // VULMON: CVE-2009-0473 // BID: 33638 // BID: 33636 // JVNDB: JVNDB-2009-001052 // PACKETSTORM: 74765 // CNNVD: CNNVD-200902-140 // NVD: CVE-2009-0473

REFERENCES

url:	http://www.kb.cert.org/vuls/id/619499	Trust: 2.9
url:	http://www.securityfocus.com/bid/33636	Trust: 2.6
url:	http://secunia.com/advisories/33783	Trust: 2.6
url:	http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729	Trust: 2.5
url:	http://www.vupen.com/english/advisories/2009/0347	Trust: 2.0
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://rockwellautomation.custhelp.com/app/answers/detail/a_id/57729	Trust: 0.8
url:	http://www.ab.com/networks/architectures.html	Trust: 0.8
url:	http://en.wikipedia.org/w/index.php?title=cross-site_scripting&oldid=268497783	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0473	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu619499/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0473	Trust: 0.8
url:	http://www.rockwellautomation.com/	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2009/0347	Trust: 0.6
url:	http://www.kb.cert.org/vuls/id/882619	Trust: 0.4
url:	https://cwe.mitre.org/data/definitions/59.html	Trust: 0.1
url:	https://github.com/akbarq/cve-2009-0473	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=17569	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://secunia.com/advisories/product/21337/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.1
url:	http://secunia.com/advisories/33783/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CERT/CC: VU#619499 // CERT/CC: VU#882619 // VULHUB: VHN-37919 // VULMON: CVE-2009-0473 // BID: 33638 // BID: 33636 // JVNDB: JVNDB-2009-001052 // PACKETSTORM: 74765 // CNNVD: CNNVD-200902-140 // NVD: CVE-2009-0473

CREDITS

Daniel Peck of Digital Bond, Inc.

Trust: 0.9

sources: BID: 33636 // CNNVD: CNNVD-200902-140

SOURCES

db:	IVD	id:	b37bf918-23cc-11e6-abef-000c29c66e3d
db:	CERT/CC	id:	VU#619499
db:	CERT/CC	id:	VU#882619
db:	VULHUB	id:	VHN-37919
db:	VULMON	id:	CVE-2009-0473
db:	BID	id:	33638
db:	BID	id:	33636
db:	JVNDB	id:	JVNDB-2009-001052
db:	PACKETSTORM	id:	74765
db:	CNNVD	id:	CNNVD-200902-140
db:	NVD	id:	CVE-2009-0473

LAST UPDATE DATE

2025-04-10T23:00:35.230000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#619499	date:	2010-01-11T00:00:00
db:	CERT/CC	id:	VU#882619	date:	2011-05-12T00:00:00
db:	VULHUB	id:	VHN-37919	date:	2011-03-08T00:00:00
db:	VULMON	id:	CVE-2009-0473	date:	2011-03-08T00:00:00
db:	BID	id:	33638	date:	2009-02-09T20:18:00
db:	BID	id:	33636	date:	2009-02-06T16:38:00
db:	JVNDB	id:	JVNDB-2009-001052	date:	2009-03-05T00:00:00
db:	CNNVD	id:	CNNVD-200902-140	date:	2009-02-26T00:00:00
db:	NVD	id:	CVE-2009-0473	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	IVD	id:	b37bf918-23cc-11e6-abef-000c29c66e3d	date:	2009-02-06T00:00:00
db:	CERT/CC	id:	VU#619499	date:	2009-02-05T00:00:00
db:	CERT/CC	id:	VU#882619	date:	2009-02-05T00:00:00
db:	VULHUB	id:	VHN-37919	date:	2009-02-06T00:00:00
db:	VULMON	id:	CVE-2009-0473	date:	2009-02-06T00:00:00
db:	BID	id:	33638	date:	2009-02-05T00:00:00
db:	BID	id:	33636	date:	2009-02-05T00:00:00
db:	JVNDB	id:	JVNDB-2009-001052	date:	2009-03-05T00:00:00
db:	PACKETSTORM	id:	74765	date:	2009-02-09T08:44:35
db:	CNNVD	id:	CNNVD-200902-140	date:	2009-02-06T00:00:00
db:	NVD	id:	CVE-2009-0473	date:	2009-02-06T19:30:00.593