CVE-2016-2279

Published: Mar 2, 2016Modified: Jun 3, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (23)

Rockwellautomation

23 products

Compactlogix 1769 L16er Bb1b Firmware

Compactlogix 1769 L18er Bb1b Firmware

Compactlogix 1769 L18erm Bb1b Firmware

Compactlogix 1769 L24er Qb1b Firmware

Compactlogix 1769 L24er Qbfc1b Firmware

Compactlogix 1769 L27erm Qbfc1b Firmware

Compactlogix 1769 L30er Firmware

Compactlogix 1769 L30erm Firmware

Compactlogix 1769 L30er Nse Firmware

Compactlogix 1769 L33er Firmware

Compactlogix 1769 L33erm Firmware

Compactlogix 1769 L36erm Firmware

Compactlogix 1769 L23e Qb1b Firmware

Compactlogix 1769 L23e Qbfc1b Firmware

Compactlogix 1756 En2f Series A Firmware

Compactlogix 1756 En2f Series B Firmware

Compactlogix 1756 En2t Series A Firmware

Compactlogix 1756 En2t Series B Firmware

Compactlogix 1756 En2t Series C Firmware

Compactlogix 1756 En2t Series D Firmware

Compactlogix 1756 En2tr Series A Firmware

Compactlogix 1756 En2tr Series B Firmware

Compactlogix 1756 En3tr Series A Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1769 L16er Bb1b Firmware	Up to 27.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1769 L16er Bb1b	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1769 L18er Bb1b Firmware	Up to 27.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1769 L18er Bb1b	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1769 L18erm Bb1b Firmware	Up to 27.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1769 L18erm Bb1b	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1769 L24er Qb1b Firmware	Up to 27.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1769 L24er Qb1b	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1769 L24er Qbfc1b Firmware	Up to 27.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1769 L24er Qbfc1b	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1769 L27erm Qbfc1b Firmware	Up to 27.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1769 L27erm Qbfc1b	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1769 L30er Firmware	Up to 27.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1769 L30er	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1769 L30erm Firmware	Up to 27.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1769 L30erm	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1769 L30er Nse Firmware	Up to 27.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1769 L30er Nse	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1769 L33er Firmware	Up to 27.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1769 L33er	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1769 L33erm Firmware	Up to 27.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1769 L33erm	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1769 L36erm Firmware	Up to 27.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1769 L36erm	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1769 L23e Qb1b Firmware	Up to 20.018

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1769 L23e Qb1b	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1769 L23e Qbfc1b Firmware	Up to 20.018

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1769 L23e Qbfc1b	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1756 En2f Series A Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1756 En2f Series A	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1756 En2f Series B Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1756 En2f Series B	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1756 En2t Series A Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1756 En2t Series A	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1756 En2t Series B Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1756 En2t Series B	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1756 En2t Series C Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1756 En2t Series C	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1756 En2t Series D Firmware	Up to 10.007

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1756 En2t Series D	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1756 En2tr Series A Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1756 En2tr Series A	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1756 En2tr Series B Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1756 En2tr Series B	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 1756 En3tr Series A Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Compactlogix 1756 En3tr Series A	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://www.securitytracker.com/id/1035190

Source: ics-cert@hq.dhs.gov

Broken LinkThird Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.exploit-db.com/exploits/44626/

Source: ics-cert@hq.dhs.gov

ExploitThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1035190

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.exploit-db.com/exploits/44626/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.