The vulnerability of the embedded software for MicroLogix 1100 and MicroLogix 1400 allows a intruder to execute arbitrary code.

🗓️ 21 Jul 2016 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

MicroLogix 1100 and 1400 vulnerability enables arbitrary code via crafted link from weak page protection.

Reporter	Title	Published	Views	Family All 13
Tenable Nessus	Rockwell Automation/Allen-Bradley MicroLogix Multiple Devices XSS	8 May 201900:00	–	nessus
Tenable Nessus	Rockwellautomation Micrologix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	8 Nov 201900:00	–	nessus
Tenable Nessus	MicroLogix 1400 PLC Web Server Multiple Vulnerabilities	31 May 201600:00	–	nessus
Tenable Nessus	Rockwell Automation MicroLogix Cross-site Scripting (CVE-2015-6488)	7 Feb 202200:00	–	nessus
BDU FSTEC	Vulnerability of the microprogramming software used in Micrologix 1100 and 1400 programmable logic controllers, allowing intruders to inject arbitrary web or HTML code	20 Nov 201500:00	–	bdu_fstec
CNVD	Allen-Bradley MicroLogix Cross-Site Scripting Vulnerability	30 Oct 201500:00	–	cnvd
CVE	CVE-2015-6488	28 Oct 201510:00	–	cve
Cvelist	CVE-2015-6488	28 Oct 201510:00	–	cvelist
EUVD	EUVD-2015-6429	7 Oct 202500:30	–	euvd
ICS	Rockwell Automation Micrologix 1100 and 1400 PLC Systems Vulnerabilities (Update A)	30 Jul 201506:00	–	ics

Source	Link
securitylab	www.securitylab.ru/lab/PT-2016-16
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-15-300-03
web	www.web.nvd.nist.gov/view/vuln/detail
securitylab	www.securitylab.ru/lab/PT-2015-16

23 Mar 2021 00:00Current

6Medium risk

Vulners AI Score6

CVSS 24.3

EPSS0.00286

MicroLogix 1100 MicroLogix 1400 arbitrary code execution crafted link web page protection