CVE-2016-2279: XSS
First published: Wed Mar 02 2016(Updated: )
Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwell Automation CompactLogix 1769-L18ER-BB1B | <=27.011 | |
| Rockwell Automation CompactLogix 1769-L16ER-BB1B | ||
| Rockwell Automation CompactLogix 1769-L18ER-BB1B | <=27.011 | |
| Rockwell Automation CompactLogix 1769-L18ER-BB1B | ||
| Rockwell Automation CompactLogix 1769-L18ERM-BB1B Firmware | <=27.011 | |
| Rockwell Automation CompactLogix 1769-L18ERM-BB1B Firmware | ||
| Rockwell Automation CompactLogix 1769-L24ER-QB1B | <=27.011 | |
| Rockwell Automation CompactLogix 1769-L24ER-QB1B | ||
| Rockwell Automation CompactLogix 1769-L24ER-QBFC1B Firmware | <=27.011 | |
| Rockwell Automation CompactLogix 1769-L24ER-QBFC1B Firmware | ||
| Rockwell Automation CompactLogix 1769-L27ERM-QBFC1B Firmware | <=27.011 | |
| Rockwell Automation CompactLogix 1769-L27ERM-QBFC1B Firmware | ||
| Rockwell Automation CompactLogix 1769-L30ER Firmware | <=27.011 | |
| Rockwell Automation CompactLogix 1769-L30ER Firmware | ||
| Rockwell Automation CompactLogix 1769-L30ERM Firmware | <=27.011 | |
| Rockwell Automation CompactLogix 1769-L30ERM Firmware | ||
| Rockwell Automation CompactLogix 1769-L30ER-NSE Firmware | <=27.011 | |
| Rockwell Automation CompactLogix 1769-L30ER-NSE | ||
| Rockwell Automation CompactLogix 1769-L33ER/M Firmware | <=27.011 | |
| Rockwell Automation CompactLogix 1769-L33ER/M Firmware | ||
| Rockwell Automation CompactLogix 1769-L33ER/M Firmware | <=27.011 | |
| Rockwell Automation CompactLogix 1769-L33ERM | ||
| Rockwell Automation CompactLogix 1769-L36ERM Firmware | <=27.011 | |
| Rockwell Automation CompactLogix 1769-L36ERM Firmware | ||
| Rockwell Automation CompactLogix 1769-L23E-QB1B | <=20.018 | |
| Rockwell Automation CompactLogix 1769-L23E-QB1B | ||
| Rockwell Automation CompactLogix 1769-L23E-QBFC1B | <=20.018 | |
| Rockwell Automation CompactLogix 1769-L23E-QBFC1B | ||
| Rockwellautomation Compactlogix 1756-en2f Series A Firmware | ||
| Rockwellautomation Compactlogix 1756-en2f Series A Firmware | ||
| Rockwell Automation CompactLogix 1756-EN2F Series B | ||
| Rockwell Automation CompactLogix 1756-EN2F Series B | ||
| Rockwell Automation CompactLogix 1756-EN2T Series A Firmware | ||
| Rockwell Automation CompactLogix 1756-EN2T Series A | ||
| Rockwell Automation CompactLogix 1756-EN2T Series B Firmware | ||
| Rockwell Automation CompactLogix 1756-EN2T Series B | ||
| Rockwell Automation CompactLogix 1756-EN2T Series C Firmware | ||
| Rockwell Automation CompactLogix 1756-EN2T Series C Firmware | ||
| Rockwell Automation CompactLogix 1756-EN2T Series D Firmware | <=10.007 | |
| Rockwell Automation CompactLogix 1756-EN2T Series D | ||
| Rockwell Automation CompactLogix 1756-EN2TR Series A Firmware | ||
| Rockwell Automation CompactLogix 1756-EN2tr Series A | ||
| Rockwell Automation CompactLogix 1756-EN2TR Series B | ||
| Rockwell Automation CompactLogix 1756-EN2TR Series B | ||
| Rockwell Automation CompactLogix 1756-EN3TR Series A Firmware | ||
| Rockwell Automation CompactLogix 1756-EN3TR Series A Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-2279?
CVE-2016-2279 has been classified with medium severity due to its potential for cross-site scripting attacks.
How do I fix CVE-2016-2279?
To fix CVE-2016-2279, update the firmware of the affected CompactLogix devices to version 28.011 or later.
Which devices are affected by CVE-2016-2279?
CVE-2016-2279 affects Rockwell Automation's Allen-Bradley CompactLogix 1769-L devices running firmware versions prior to 28.011.
What is a cross-site scripting vulnerability in CVE-2016-2279?
A cross-site scripting vulnerability, as noted in CVE-2016-2279, allows attackers to inject and execute malicious web scripts in the context of the user's web browser.
Can CVE-2016-2279 be exploited remotely?
Yes, CVE-2016-2279 can be exploited by remote attackers through unspecified vectors, potentially compromising the integrity of the web server.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/rockwellautomation
- canonical/rockwell automation compactlogix 1769-l18er-bb1b
- version/rockwell automation compactlogix 1769-l18er-bb1b/27.011
- canonical/rockwell automation compactlogix 1769-l16er-bb1b
- canonical/rockwell automation compactlogix 1769-l18erm-bb1b firmware
- version/rockwell automation compactlogix 1769-l18erm-bb1b firmware/27.011
- canonical/rockwell automation compactlogix 1769-l24er-qb1b
- version/rockwell automation compactlogix 1769-l24er-qb1b/27.011
- canonical/rockwell automation compactlogix 1769-l24er-qbfc1b firmware
- version/rockwell automation compactlogix 1769-l24er-qbfc1b firmware/27.011
- canonical/rockwell automation compactlogix 1769-l27erm-qbfc1b firmware
- version/rockwell automation compactlogix 1769-l27erm-qbfc1b firmware/27.011
- canonical/rockwell automation compactlogix 1769-l30er firmware
- version/rockwell automation compactlogix 1769-l30er firmware/27.011
- canonical/rockwell automation compactlogix 1769-l30erm firmware
- version/rockwell automation compactlogix 1769-l30erm firmware/27.011
- canonical/rockwell automation compactlogix 1769-l30er-nse firmware
- version/rockwell automation compactlogix 1769-l30er-nse firmware/27.011
- canonical/rockwell automation compactlogix 1769-l30er-nse
- canonical/rockwell automation compactlogix 1769-l33er/m firmware
- version/rockwell automation compactlogix 1769-l33er/m firmware/27.011
- canonical/rockwell automation compactlogix 1769-l33erm
- canonical/rockwell automation compactlogix 1769-l36erm firmware
- version/rockwell automation compactlogix 1769-l36erm firmware/27.011
- canonical/rockwell automation compactlogix 1769-l23e-qb1b
- version/rockwell automation compactlogix 1769-l23e-qb1b/20.018
- canonical/rockwell automation compactlogix 1769-l23e-qbfc1b
- version/rockwell automation compactlogix 1769-l23e-qbfc1b/20.018
- canonical/rockwellautomation compactlogix 1756-en2f series a firmware
- canonical/rockwell automation compactlogix 1756-en2f series b
- canonical/rockwell automation compactlogix 1756-en2t series a firmware
- canonical/rockwell automation compactlogix 1756-en2t series a
- canonical/rockwell automation compactlogix 1756-en2t series b firmware
- canonical/rockwell automation compactlogix 1756-en2t series b
- canonical/rockwell automation compactlogix 1756-en2t series c firmware
- canonical/rockwell automation compactlogix 1756-en2t series d firmware
- version/rockwell automation compactlogix 1756-en2t series d firmware/10.007
- canonical/rockwell automation compactlogix 1756-en2t series d
- canonical/rockwell automation compactlogix 1756-en2tr series a firmware
- canonical/rockwell automation compactlogix 1756-en2tr series a
- canonical/rockwell automation compactlogix 1756-en2tr series b
- canonical/rockwell automation compactlogix 1756-en3tr series a firmware