Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | Controllogix 1756-Enbt\/A Ethernet\/ Ip Bridge | - |
Related Weaknesses (CWE)
References
- http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduseVendor Advisory
- http://secunia.com/advisories/33783
- http://www.kb.cert.org/vuls/id/882619US Government Resource
- http://www.securityfocus.com/bid/33638
- http://www.vupen.com/english/advisories/2009/0347
- http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduseVendor Advisory
- http://secunia.com/advisories/33783
- http://www.kb.cert.org/vuls/id/882619US Government Resource
- http://www.securityfocus.com/bid/33638
- http://www.vupen.com/english/advisories/2009/0347
FAQ
What is CVE-2009-0472?
CVE-2009-0472 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web sc...
How severe is CVE-2009-0472?
CVE-2009-0472 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0472?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Controllogix 1756-Enbt\/A Ethernet\/ Ip Bridge.