Details of VAR-200902-0690

ID

VAR-200902-0690

TITLE

ControlLogix 1756-ENBT / A EtherNet / IP Bridge Multiple Cross-Site Scripting and URL Redirection Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2009-0659

DESCRIPTION

ControlLogix is industrial automation control software developed by Rockwell Automation, USA. ControlLogix 1756-ENBT / A EtherNet / IP Bridge uses a web interface to display log files and status information. This interface has URL redirection and cross-site scripting vulnerabilities. If a user is tricked into following a specially crafted URL, the user's browser is redirected to another site, or arbitrary code is executed in the browser session

Trust: 0.9

sources: CNVD: CNVD-2009-0659 // IVD: 7d7a1eb1-463f-11e9-b1e2-000c29342cb1 // IVD: 79fb3b82-1fcf-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 7d7a1eb1-463f-11e9-b1e2-000c29342cb1 // IVD: 79fb3b82-1fcf-11e6-abef-000c29c66e3d // CNVD: CNVD-2009-0659

AFFECTED PRODUCTS

vendor:

none

model:

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2009-0659

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD:	7d7a1eb1-463f-11e9-b1e2-000c29342cb1
value:	HIGH
Trust: 0.2
IVD:	79fb3b82-1fcf-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

IVD:	7d7a1eb1-463f-11e9-b1e2-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	79fb3b82-1fcf-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2

sources: IVD: 7d7a1eb1-463f-11e9-b1e2-000c29342cb1 // IVD: 79fb3b82-1fcf-11e6-abef-000c29c66e3d

TYPE

Buffer overflow

Trust: 0.2

sources: IVD: 7d7a1eb1-463f-11e9-b1e2-000c29342cb1

EXTERNAL IDS

db:	CNVD	id:	CNVD-2009-0659	Trust: 1.0
db:	IVD	id:	7D7A1EB1-463F-11E9-B1E2-000C29342CB1	Trust: 0.2
db:	IVD	id:	79FB3B82-1FCF-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 7d7a1eb1-463f-11e9-b1e2-000c29342cb1 // IVD: 79fb3b82-1fcf-11e6-abef-000c29c66e3d // CNVD: CNVD-2009-0659

SOURCES

db:	IVD	id:	7d7a1eb1-463f-11e9-b1e2-000c29342cb1
db:	IVD	id:	79fb3b82-1fcf-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2009-0659

LAST UPDATE DATE

2022-05-17T02:06:10.898000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2009-0659

date:

2009-02-05T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	7d7a1eb1-463f-11e9-b1e2-000c29342cb1	date:	2009-02-05T00:00:00
db:	IVD	id:	79fb3b82-1fcf-11e6-abef-000c29c66e3d	date:	2009-02-05T00:00:00
db:	CNVD	id:	CNVD-2009-0659	date:	2009-02-05T00:00:00