ID

VAR-201508-0632


TITLE

Rockwell Automation 1769-L18ER/A LOGIX5318ER Cross-Site Scripting Vulnerability

Trust: 1.4

sources: IVD: 6d5677c2-1e6a-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-05659 // CNNVD: CNNVD-201508-360

DESCRIPTION

Rockwell Automation 1769-L18ER/A LOGIX5318ER is a programmable logic controller (PLC) from Rockwell Automation. It has a cross-site scripting vulnerability that allows remote attackers to inject malicious scripts or HTML code, capturing sensitive information or hijacking user sessions when the malicious data is viewed. When a user browses an affected website, their browser executes arbitrary script code provided by the attacker. This could lead to attackers stealing cookie-based authentication credentials and launching other attacks.

Trust: 1.53

sources: CNVD: CNVD-2015-05659 // CNNVD: CNNVD-201508-360 // BID: 76355 // IVD: 6d5677c2-1e6a-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 6d5677c2-1e6a-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-05659

AFFECTED PRODUCTS

vendor: rockwell, model: automation 1769-l18er/a logix5318er, scope: -, version: -

Trust: 0.6

vendor: rockwell, model: automation 1769-l18er/a logix5318er, scope: eq, version: *

Trust: 0.2

sources: IVD: 6d5677c2-1e6a-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-05659

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2015-05659
value: MEDIUM

Trust: 0.6

IVD: 6d5677c2-1e6a-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2015-05659
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6d5677c2-1e6a-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 6d5677c2-1e6a-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-05659

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-360

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201508-360

PATCH

title: Rockwell Automation 1769-L18ER/A LOGIX5318ER Cross-Site Scripting Vulnerability Patch, url: https://www.cnvd.org.cn/patchinfo/show/63202

Trust: 0.6

sources: CNVD: CNVD-2015-05659

EXTERNAL IDS

db: BID, id: 76355

Trust: 1.5

db: CNVD, id: CNVD-2015-05659

Trust: 0.8

db: CNNVD, id: CNNVD-201508-360

Trust: 0.6

db: IVD, id: 6D5677C2-1E6A-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 6d5677c2-1e6a-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-05659 // BID: 76355 // CNNVD: CNNVD-201508-360

REFERENCES

url: http://www.securityfocus.com/bid/76355

Trust: 1.2

url: http://www.rockwellautomation.com/

Trust: 0.3

sources: CNVD: CNVD-2015-05659 // BID: 76355 // CNNVD: CNNVD-201508-360

CREDITS

ICS CERT

Trust: 0.9

sources: BID: 76355 // CNNVD: CNNVD-201508-360

SOURCES

db: IVD, id: 6d5677c2-1e6a-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2015-05659
db: BID, id: 76355
db: CNNVD, id: CNNVD-201508-360

LAST UPDATE DATE

2022-05-17T02:05:53.070000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-05659, date: 2015-08-27T00:00:00
db: BID, id: 76355, date: 2015-08-14T00:00:00
db: CNNVD, id: CNNVD-201508-360, date: 2015-08-19T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 6d5677c2-1e6a-11e6-abef-000c29c66e3d, date: 2015-08-27T00:00:00
db: CNVD, id: CNVD-2015-05659, date: 2015-08-27T00:00:00
db: BID, id: 76355, date: 2015-08-14T00:00:00
db: CNNVD, id: CNNVD-201508-360, date: 2015-08-19T00:00:00