Vulnerabilities related to Rockwell Automation - MicroLogix 1100
var-201510-0196
Vulnerability from variot

SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. Multiple Rockwell Automation MicroLogix products are prone to the following security vulnerabilities: (1) a stack-based buffer-overflow vulnerability; (2) a denial-of-service vulnerability; (3) a cross-site scripting vulnerability; (4) an SQL-injection vulnerability. An attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Of the issues listed, this entry (CVE-2015-6486, CWE-89) is the SQL injection.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0196",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "micrologix 1400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "15.002"
      },
      {
        "model": "micrologix 1100",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "14.000"
      },
      {
        "model": "micrologix 1100",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "b frn 15.000"
      },
      {
        "model": "micrologix 1400",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "b frn 15.003"
      },
      {
        "model": "automation micrologix",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1100"
      },
      {
        "model": "automation micrologix",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1400"
      },
      {
        "model": "micrologix 1100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwellautomation",
        "version": "14.000"
      },
      {
        "model": "micrologix 1400",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwellautomation",
        "version": "15.002"
      },
      {
        "model": "automation micrologix 1766-lk32bwa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxba series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxba series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxb series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxb series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bwaa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bwaa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bwa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awaa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awaa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1763-l16dwd series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16dwd series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bwa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bwa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bbb series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bbb series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16awa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16awa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix frn series b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.003"
      },
      {
        "model": "automation micrologix frn series b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110015.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1100",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07307"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-672"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6486"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1100_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005653"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ilya Karpov of Positive Technologies, David Atch of CyberX, and Aditya Sood",
    "sources": [
      {
        "db": "BID",
        "id": "77333"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-6486",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2015-6486",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2015-07307",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "7c67e9bc-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-84447",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-6486",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-6486",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-07307",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201510-672",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "7c67e9bc-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84447",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07307"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84447"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-672"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6486"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A denial-of-service vulnerability\n3. A cross-site scripting vulnerability\n4. An SQL-injection vulnerability\nAn attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the  affected site, steal cookie-based authentication credentials and compromise the  application, access or modify data, or exploit latent vulnerabilities in  the underlying database",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6486"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005653"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07307"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "IVD",
        "id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84447"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6486",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-300-03",
        "trust": 3.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-672",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07307",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005653",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "70568",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "77333",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "7C67E9BC-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-84447",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07307"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84447"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-672"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6486"
      }
    ]
  },
  "id": "VAR-201510-0196",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07307"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84447"
      }
    ],
    "trust": 1.7076923000000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07307"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:44:49.605000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MicroLogix\u30b7\u30b9\u30c6\u30e0",
        "trust": 0.8,
        "url": "http://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-Systems"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005653"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84447"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005653"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6486"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-300-03"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6486"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6486"
      },
      {
        "trust": 0.3,
        "url": "http://www.rockwellautomation.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07307"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84447"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-672"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6486"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07307"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84447"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-672"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6486"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-05T00:00:00",
        "db": "IVD",
        "id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07307"
      },
      {
        "date": "2015-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84447"
      },
      {
        "date": "2015-10-27T00:00:00",
        "db": "BID",
        "id": "77333"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005653"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-672"
      },
      {
        "date": "2015-10-28T10:59:11.027000",
        "db": "NVD",
        "id": "CVE-2015-6486"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07307"
      },
      {
        "date": "2015-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84447"
      },
      {
        "date": "2015-10-27T00:00:00",
        "db": "BID",
        "id": "77333"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005653"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-672"
      },
      {
        "date": "2024-11-21T02:35:03.923000",
        "db": "NVD",
        "id": "CVE-2015-6486"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-672"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Allen-Bradley MicroLogix 1100 and  1400 In the device  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005653"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "IVD",
        "id": "7c67e9bc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-672"
      }
    ],
    "trust": 0.8
  }
}

var-201904-1023
Vulnerability from variot

In Rockwell Automation MicroLogix 1400 Controllers (Series A, all versions; Series B, v15.002 and earlier), MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, and CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine. Multiple Rockwell Automation products contain an open redirect vulnerability. Information may be obtained and information may be altered. Rockwell Automation MicroLogix 1400 Controllers Series A are all programmable logic controllers from Rockwell Automation. An input validation error vulnerability exists in several Rockwell Automation products; it originates from a network system or product not properly validating input data. An attacker exploiting the vulnerability can build a specially crafted URI and entice a user to follow it. When a victim follows the link, they may be redirected to an attacker-controlled site to aid in phishing attacks. Other attacks are possible.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-1023",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "micrologix 1100",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "14.00"
      },
      {
        "model": "compactlogix 5370 l2",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "30.014"
      },
      {
        "model": "compactlogix 5370 l3",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "30.014"
      },
      {
        "model": "compactlogix 5370 l1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "30.014"
      },
      {
        "model": "micrologix 1400 a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "*"
      },
      {
        "model": "micrologix 1400 b",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "15.002"
      },
      {
        "model": "automation micrologix controllers",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "rockwell",
        "version": "110014.00"
      },
      {
        "model": "automation compactlogix l3",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "rockwell",
        "version": "537030.014"
      },
      {
        "model": "automation compactlogix l2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "rockwell",
        "version": "537030.014"
      },
      {
        "model": "automation compactlogix l1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "rockwell",
        "version": "537030.014"
      },
      {
        "model": "compactlogix 5370 l1",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "30.014"
      },
      {
        "model": "compactlogix 5370 l2",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "30.014"
      },
      {
        "model": "compactlogix 5370 l3",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "30.014"
      },
      {
        "model": "micrologix 1100",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "14.00"
      },
      {
        "model": "micrologix 1400 a",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "micrologix 1400 b",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "15.002"
      },
      {
        "model": "automation micrologix controllers series b",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix controllers series a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1400"
      },
      {
        "model": "automation micrologix controllers series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwall",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix controllers series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwall",
        "version": "14000"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400 a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400 b",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1100",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "compactlogix 5370 l1",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "compactlogix 5370 l2",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "compactlogix 5370 l3",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "97035cb3-c916-4f33-be89-ac33b1bbe2a3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-14396"
      },
      {
        "db": "BID",
        "id": "108049"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004245"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10955"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:compactlogix_5370_l1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:compactlogix_5370_l2_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:compactlogix_5370_l3_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1100_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_b_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004245"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Josiah Bryan and Geancarlo Palavicini,Josiah Bryan and Geancarlo Palavicini reported this vulnerability to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1053"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-10955",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-10955",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2019-14396",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "97035cb3-c916-4f33-be89-ac33b1bbe2a3",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-142553",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-10955",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-10955",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-10955",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-14396",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-1053",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "97035cb3-c916-4f33-be89-ac33b1bbe2a3",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-142553",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "97035cb3-c916-4f33-be89-ac33b1bbe2a3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-14396"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142553"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1053"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10955"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Rockwell Automation MicroLogix 1400 Controllers Series A, all versions, and Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user\u2019s machine. Multiple Rockwell Automation products contain an open redirect vulnerability. Information may be obtained and information may be altered. Rockwell Automation MicroLogix 1400 Controllers Series A are all programmable logic controllers from Rockwell Automation. An input validation error vulnerability exists in several Rockwell Automation products; it stems from the network system or product not properly validating input data. An attacker exploiting this vulnerability can construct a crafted URI and entice a user to follow it. When a victim follows the link, they may be redirected to an attacker-controlled site to aid in phishing attacks. Other attacks are possible",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10955"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004245"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-14396"
      },
      {
        "db": "BID",
        "id": "108049"
      },
      {
        "db": "IVD",
        "id": "97035cb3-c916-4f33-be89-ac33b1bbe2a3"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142553"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-10955",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-113-01",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "108049",
        "trust": 2.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1053",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-14396",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004245",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1385",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "97035CB3-C916-4F33-BE89-AC33B1BBE2A3",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-142553",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "97035cb3-c916-4f33-be89-ac33b1bbe2a3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-14396"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142553"
      },
      {
        "db": "BID",
        "id": "108049"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1053"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10955"
      }
    ]
  },
  "id": "VAR-201904-1023",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "97035cb3-c916-4f33-be89-ac33b1bbe2a3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-14396"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142553"
      }
    ],
    "trust": 1.48571428
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "97035cb3-c916-4f33-be89-ac33b1bbe2a3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-14396"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:11:53.399000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.rockwellautomation.com/site-selection.html"
      },
      {
        "title": "Multiple Rockwell Automation products enter patches for validation error vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/161289"
      },
      {
        "title": "Multiple Rockwell Automation Product input verification error vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91903"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14396"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1053"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-601",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142553"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004245"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10955"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-113-01"
      },
      {
        "trust": 1.7,
        "url": "https://www.securityfocus.com/bid/108049"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10955"
      },
      {
        "trust": 0.9,
        "url": "https://www.rockwellautomation.com/en_in/overview.page"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10955"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/79558"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14396"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142553"
      },
      {
        "db": "BID",
        "id": "108049"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1053"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10955"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "97035cb3-c916-4f33-be89-ac33b1bbe2a3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-14396"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142553"
      },
      {
        "db": "BID",
        "id": "108049"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004245"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1053"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10955"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-15T00:00:00",
        "db": "IVD",
        "id": "97035cb3-c916-4f33-be89-ac33b1bbe2a3"
      },
      {
        "date": "2019-05-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-14396"
      },
      {
        "date": "2019-04-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142553"
      },
      {
        "date": "2019-04-23T00:00:00",
        "db": "BID",
        "id": "108049"
      },
      {
        "date": "2019-05-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004245"
      },
      {
        "date": "2019-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-1053"
      },
      {
        "date": "2019-04-25T18:29:00.397000",
        "db": "NVD",
        "id": "CVE-2019-10955"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-14396"
      },
      {
        "date": "2020-02-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142553"
      },
      {
        "date": "2019-04-23T00:00:00",
        "db": "BID",
        "id": "108049"
      },
      {
        "date": "2019-05-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004245"
      },
      {
        "date": "2020-02-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-1053"
      },
      {
        "date": "2024-11-21T04:20:13.710000",
        "db": "NVD",
        "id": "CVE-2019-10955"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1053"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Open redirect vulnerability in multiple Rockwell Automation products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004245"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation error",
    "sources": [
      {
        "db": "IVD",
        "id": "97035cb3-c916-4f33-be89-ac33b1bbe2a3"
      },
      {
        "db": "BID",
        "id": "108049"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1053"
      }
    ],
    "trust": 1.1
  }
}

var-202003-1611
Vulnerability from variot

In Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, and RSLogix 500 Software v12.001 and prior, a remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with the password values in use, which the client uses to authenticate the user on the client side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials. The Rockwell Automation MicroLogix 1400 and MicroLogix 1100 controllers and the RSLogix 500 software contain an authentication vulnerability. Information may be obtained. MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1611",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "micrologix 1400 b",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "21.001"
      },
      {
        "model": "micrologix 1400 a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "*"
      },
      {
        "model": "micrologix 1100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "*"
      },
      {
        "model": "rslogix 500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.001"
      },
      {
        "model": "micrologix 1100",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "rslogix 5000"
      },
      {
        "model": "micrologix 1400 a",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "micrologix 1400 b",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "21.001"
      },
      {
        "model": "rslogix 5000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "12.001"
      },
      {
        "model": "automation micrologix controllers series a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1400"
      },
      {
        "model": "automation micrologix controllers series b",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1400\u003c=21.001"
      },
      {
        "model": "automation micrologix controllers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1100"
      },
      {
        "model": "automation rslogix software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "500\u003c=12.001"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400 a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400 b",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1100",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "rslogix 500",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "bdee3263-6f80-47b8-93aa-b7895dd82d23"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003038"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6988"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1100_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_b_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:rockwellautomation:rslogix_5000",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003038"
      }
    ]
  },
  "cve": "CVE-2020-6988",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-6988",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-003038",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-19520",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "bdee3263-6f80-47b8-93aa-b7895dd82d23",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-185113",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-6988",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-003038",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-6988",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-003038",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-19520",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-550",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "bdee3263-6f80-47b8-93aa-b7895dd82d23",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-185113",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-6988",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "bdee3263-6f80-47b8-93aa-b7895dd82d23"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19520"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185113"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003038"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-550"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6988"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior: a remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim\u2019s MicroLogix controller. The controller will then respond to the client with the password values used to authenticate the user on the client side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials. The Rockwell Automation MicroLogix 1400 and MicroLogix 1100 controllers and the RSLogix 500 software contain an authentication vulnerability. Information may be obtained. MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-6988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003038"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19520"
      },
      {
        "db": "IVD",
        "id": "bdee3263-6f80-47b8-93aa-b7895dd82d23"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185113"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6988"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-6988",
        "trust": 3.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-070-06",
        "trust": 3.2
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-550",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19520",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003038",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "46118",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "BDEE3263-6F80-47B8-93AA-B7895DD82D23",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-185113",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6988",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "bdee3263-6f80-47b8-93aa-b7895dd82d23"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19520"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185113"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003038"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-550"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6988"
      }
    ]
  },
  "id": "VAR-202003-1611",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "bdee3263-6f80-47b8-93aa-b7895dd82d23"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19520"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185113"
      }
    ],
    "trust": 1.8345238
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "bdee3263-6f80-47b8-93aa-b7895dd82d23"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19520"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:05:45.338000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://ab.rockwellautomation.com/"
      },
      {
        "title": "Patch for Multiple Rockwell Automation product licensing issue vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/210943"
      },
      {
        "title": "Multiple Rockwell Automation Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111867"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/critical-bugs-in-rockwell-johnson-controls-ics-gear/153602/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-19520"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003038"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-550"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-603",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003038"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6988"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6988"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6988"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/46118"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177523"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/critical-bugs-in-rockwell-johnson-controls-ics-gear/153602/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-19520"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185113"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003038"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-550"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6988"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "bdee3263-6f80-47b8-93aa-b7895dd82d23"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19520"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185113"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003038"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-550"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6988"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-10T00:00:00",
        "db": "IVD",
        "id": "bdee3263-6f80-47b8-93aa-b7895dd82d23"
      },
      {
        "date": "2020-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-19520"
      },
      {
        "date": "2020-03-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185113"
      },
      {
        "date": "2020-03-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-6988"
      },
      {
        "date": "2020-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003038"
      },
      {
        "date": "2020-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-550"
      },
      {
        "date": "2020-03-16T16:15:14.767000",
        "db": "NVD",
        "id": "CVE-2020-6988"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-19520"
      },
      {
        "date": "2020-03-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185113"
      },
      {
        "date": "2020-03-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-6988"
      },
      {
        "date": "2020-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003038"
      },
      {
        "date": "2020-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-550"
      },
      {
        "date": "2024-11-21T05:36:26.567000",
        "db": "NVD",
        "id": "CVE-2020-6988"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-550"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple Rockwell Automation product authentication vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003038"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-550"
      }
    ],
    "trust": 0.6
  }
}

var-201510-0200
Vulnerability from variot

Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. The Allen-Bradley MicroLogix 1100 in versions prior to B FRN 15.000 and the MicroLogix 1400 in versions prior to B FRN 15.003 have a denial-of-service vulnerability that allows remote attackers to cause a denial of service through crafted HTTP requests. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A denial-of-service vulnerability 3. A cross-site scripting vulnerability 4. An SQL-injection vulnerability An attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0200",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "micrologix 1400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "15.002"
      },
      {
        "model": "micrologix 1100",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "14.000"
      },
      {
        "model": "micrologix 1100",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "b frn 15.000"
      },
      {
        "model": "micrologix 1400",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "b frn 15.003"
      },
      {
        "model": "automation micrologix",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1100"
      },
      {
        "model": "automation micrologix",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1400"
      },
      {
        "model": "micrologix 1100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwellautomation",
        "version": "14.000"
      },
      {
        "model": "micrologix 1400",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwellautomation",
        "version": "15.002"
      },
      {
        "model": "automation micrologix 1766-lk32bwa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxba series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxba series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxb series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxb series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bwaa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bwaa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bwa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awaa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awaa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1763-l16dwd series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16dwd series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bwa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bwa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bbb series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bbb series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16awa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16awa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix frn series b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.003"
      },
      {
        "model": "automation micrologix frn series b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110015.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1100",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07306"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005657"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-676"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6492"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1100_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005657"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ilya Karpov of Positive Technologies, David Atch of CyberX, and Aditya Sood",
    "sources": [
      {
        "db": "BID",
        "id": "77333"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-6492",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-6492",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-07306",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "7c6f9932-2351-11e6-abef-000c29c66e3d",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-84453",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-6492",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-6492",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-07306",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201510-676",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7c6f9932-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84453",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005657"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-676"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6492"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. The Allen-Bradley MicroLogix 1100 before B FRN 15.000 and the MicroLogix 1400 before B FRN 15.003 have a denial-of-service vulnerability that allows remote attackers to cause a denial of service through crafted HTTP requests. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A denial-of-service vulnerability\n3. A cross-site scripting vulnerability\n4. An SQL-injection vulnerability\nAn attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6492"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005657"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07306"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "IVD",
        "id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84453"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6492",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-300-03",
        "trust": 3.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-676",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07306",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005657",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "77333",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "7C6F9932-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-84453",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84453"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005657"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-676"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6492"
      }
    ]
  },
  "id": "VAR-201510-0200",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84453"
      }
    ],
    "trust": 1.7076923000000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07306"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:44:49.908000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MicroLogix\u30b7\u30b9\u30c6\u30e0",
        "trust": 0.8,
        "url": "http://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-Systems"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005657"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005657"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6492"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-300-03"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6492"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6492"
      },
      {
        "trust": 0.3,
        "url": "http://www.rockwellautomation.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84453"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005657"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-676"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6492"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84453"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005657"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-676"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6492"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-05T00:00:00",
        "db": "IVD",
        "id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07306"
      },
      {
        "date": "2015-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84453"
      },
      {
        "date": "2015-10-27T00:00:00",
        "db": "BID",
        "id": "77333"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005657"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-676"
      },
      {
        "date": "2015-10-28T10:59:14.920000",
        "db": "NVD",
        "id": "CVE-2015-6492"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07306"
      },
      {
        "date": "2015-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84453"
      },
      {
        "date": "2015-10-27T00:00:00",
        "db": "BID",
        "id": "77333"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005657"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-676"
      },
      {
        "date": "2024-11-21T02:35:04.430000",
        "db": "NVD",
        "id": "CVE-2015-6492"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-676"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Allen-Bradley MicroLogix Denial of service vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07306"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-676"
      }
    ],
    "trust": 0.8
  }
}

var-202003-1598
Vulnerability from variot

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A (all versions), MicroLogix 1100 Controller (all versions), and RSLogix 500 Software v12.001 and prior: if Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data, as it is written to the project file in cleartext. The Rockwell Automation MicroLogix 1400 and MicroLogix 1100 controllers and the RSLogix 500 software contain a vulnerability in the plaintext storage of important information. Information may be obtained. Rockwell Automation MicroLogix 1400 Controllers Series A and others are products of Rockwell Automation (USA). Rockwell Automation MicroLogix 1400 Controllers Series A is a programmable logic controller. MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems.

A number of Rockwell Automation products have information disclosure vulnerabilities. The vulnerability stems from the fact that the program writes the authentication data to the project file in clear text. The attacker can use this vulnerability to obtain SMTP server authentication data



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1598",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "micrologix 1400 b",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "21.001"
      },
      {
        "model": "micrologix 1400 a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "*"
      },
      {
        "model": "micrologix 1100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "*"
      },
      {
        "model": "rslogix 500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.001"
      },
      {
        "model": "micrologix 1100",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "rslogix 5000"
      },
      {
        "model": "micrologix 1400 a",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "micrologix 1400 b",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "21.001"
      },
      {
        "model": "rslogix 5000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "12.001"
      },
      {
        "model": "automation micrologix controllers series a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1400"
      },
      {
        "model": "automation micrologix controllers series b",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1400\u003c=21.001"
      },
      {
        "model": "automation micrologix controllers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1100"
      },
      {
        "model": "automation rslogix software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "500\u003c=12.001"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400 a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400 b",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1100",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "rslogix 500",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f00fb715-5925-4985-ae42-9ef51bc85d7a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19521"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003036"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6980"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1100_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_b_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:rockwellautomation:rslogix_5000",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003036"
      }
    ]
  },
  "cve": "CVE-2020-6980",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-6980",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-003036",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2020-19521",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "f00fb715-5925-4985-ae42-9ef51bc85d7a",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-185105",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-6980",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-003036",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-6980",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-003036",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-19521",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-547",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "f00fb715-5925-4985-ae42-9ef51bc85d7a",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-185105",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f00fb715-5925-4985-ae42-9ef51bc85d7a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19521"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003036"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-547"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6980"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A (all versions), MicroLogix 1100 Controller (all versions), and RSLogix 500 Software v12.001 and prior: if Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim\u2019s project may be able to gather SMTP server authentication data, as it is written to the project file in cleartext. The Rockwell Automation MicroLogix 1400 and MicroLogix 1100 controllers and the RSLogix 500 software contain a vulnerability in the plaintext storage of important information. Information may be obtained. Rockwell Automation MicroLogix 1400 Controllers Series A and others are products of Rockwell Automation (USA). Rockwell Automation MicroLogix 1400 Controllers Series A is a programmable logic controller. MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems. \n\r\n\r\nA number of Rockwell Automation products have information disclosure vulnerabilities. The vulnerability stems from the fact that the program writes the authentication data to the project file in clear text. The attacker can use this vulnerability to obtain SMTP server authentication data.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-6980"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003036"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19521"
      },
      {
        "db": "IVD",
        "id": "f00fb715-5925-4985-ae42-9ef51bc85d7a"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185105"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-6980",
        "trust": 3.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-070-06",
        "trust": 3.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-547",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19521",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003036",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "46116",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "F00FB715-5925-4985-AE42-9EF51BC85D7A",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-185105",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f00fb715-5925-4985-ae42-9ef51bc85d7a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19521"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003036"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-547"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6980"
      }
    ]
  },
  "id": "VAR-202003-1598",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "f00fb715-5925-4985-ae42-9ef51bc85d7a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19521"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185105"
      }
    ],
    "trust": 1.8345238
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f00fb715-5925-4985-ae42-9ef51bc85d7a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19521"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:05:45.303000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://ab.rockwellautomation.com/"
      },
      {
        "title": "Patch for Multiple Rockwell Automation product information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/210945"
      },
      {
        "title": "Multiple Rockwell Automation Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111865"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-19521"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003036"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-547"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-312",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003036"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6980"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6980"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6980"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/46116"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-19521"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003036"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-547"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6980"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "f00fb715-5925-4985-ae42-9ef51bc85d7a"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19521"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003036"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-547"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6980"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-10T00:00:00",
        "db": "IVD",
        "id": "f00fb715-5925-4985-ae42-9ef51bc85d7a"
      },
      {
        "date": "2020-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-19521"
      },
      {
        "date": "2020-03-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185105"
      },
      {
        "date": "2020-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003036"
      },
      {
        "date": "2020-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-547"
      },
      {
        "date": "2020-03-16T16:15:14.610000",
        "db": "NVD",
        "id": "CVE-2020-6980"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-19521"
      },
      {
        "date": "2020-03-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185105"
      },
      {
        "date": "2020-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003036"
      },
      {
        "date": "2020-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-547"
      },
      {
        "date": "2024-11-21T05:36:25.563000",
        "db": "NVD",
        "id": "CVE-2020-6980"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-547"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability in plaintext storage of important information in multiple Rockwell Automation products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003036"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "IVD",
        "id": "f00fb715-5925-4985-ae42-9ef51bc85d7a"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-547"
      }
    ],
    "trust": 0.8
  }
}

var-201510-0198
Vulnerability from variot

Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. Multiple Rockwell Automation MicroLogix products are prone to the following security vulnerabilities: (1) a stack-based buffer-overflow vulnerability, (2) a denial-of-service vulnerability, (3) a cross-site scripting vulnerability, and (4) an SQL-injection vulnerability. An attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0198",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "micrologix 1400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "15.002"
      },
      {
        "model": "micrologix 1100",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "14.000"
      },
      {
        "model": "micrologix 1100",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "b frn 15.000"
      },
      {
        "model": "micrologix 1400",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "b frn 15.003"
      },
      {
        "model": "automation micrologix",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1100"
      },
      {
        "model": "automation micrologix",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1400"
      },
      {
        "model": "micrologix 1100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwellautomation",
        "version": "14.000"
      },
      {
        "model": "micrologix 1400",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwellautomation",
        "version": "15.002"
      },
      {
        "model": "automation micrologix 1766-lk32bwa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxba series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxba series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxb series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxb series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bwaa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bwaa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bwa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awaa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awaa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1763-l16dwd series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16dwd series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bwa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bwa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bbb series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bbb series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16awa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16awa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix frn series b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.003"
      },
      {
        "model": "automation micrologix frn series b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110015.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1100",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c72e416-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07304"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-674"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6490"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1100_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005655"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ilya Karpov of Positive Technologies, David Atch of CyberX, and Aditya Sood",
    "sources": [
      {
        "db": "BID",
        "id": "77333"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-6490",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-6490",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-07304",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "7c72e416-2351-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-84451",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-6490",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-6490",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-07304",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201510-674",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "7c72e416-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84451",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c72e416-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84451"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-674"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6490"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A denial-of-service vulnerability\n3. A cross-site scripting vulnerability\n4. An SQL-injection vulnerability\nAn attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the  affected site, steal cookie-based authentication credentials and compromise the  application, access or modify data, or exploit latent vulnerabilities in  the underlying database",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6490"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005655"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07304"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "IVD",
        "id": "7c72e416-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84451"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6490",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-300-03",
        "trust": 3.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-674",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07304",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005655",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "77333",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "7C72E416-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-84451",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c72e416-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84451"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-674"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6490"
      }
    ]
  },
  "id": "VAR-201510-0198",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7c72e416-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84451"
      }
    ],
    "trust": 1.7076923000000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c72e416-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07304"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:44:49.644000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MicroLogix\u30b7\u30b9\u30c6\u30e0",
        "trust": 0.8,
        "url": "http://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-Systems"
      },
      {
        "title": "Rockwell Automation Allen-Bradley MicroLogix 1100  and 1400 Fixes for stack-based buffer overflow vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58478"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-674"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84451"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005655"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6490"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-300-03"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6490"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6490"
      },
      {
        "trust": 0.3,
        "url": "http://www.rockwellautomation.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84451"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-674"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6490"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7c72e416-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07304"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84451"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-674"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6490"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-05T00:00:00",
        "db": "IVD",
        "id": "7c72e416-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07304"
      },
      {
        "date": "2015-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84451"
      },
      {
        "date": "2015-10-27T00:00:00",
        "db": "BID",
        "id": "77333"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005655"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-674"
      },
      {
        "date": "2015-10-28T10:59:12.937000",
        "db": "NVD",
        "id": "CVE-2015-6490"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07304"
      },
      {
        "date": "2015-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84451"
      },
      {
        "date": "2015-10-27T00:00:00",
        "db": "BID",
        "id": "77333"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005655"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-674"
      },
      {
        "date": "2024-11-21T02:35:04.180000",
        "db": "NVD",
        "id": "CVE-2015-6490"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-674"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Allen-Bradley MicroLogix Stack Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "7c72e416-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07304"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "7c72e416-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-674"
      }
    ],
    "trust": 0.8
  }
}

var-202003-1602
Vulnerability from variot

In Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, MicroLogix 1400 Controllers Series A (all versions), MicroLogix 1100 Controller (all versions), and RSLogix 500 Software v12.001 and prior, the cryptographic function used to protect the password in MicroLogix is discoverable. The Rockwell Automation MicroLogix 1400 and MicroLogix 1100 controllers and the RSLogix 500 software contain a vulnerability in the use of cryptographic algorithms; information may be obtained. Rockwell Automation MicroLogix 1400 Controllers Series A and others are products of Rockwell Automation (USA). The MicroLogix 1100 Controller is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1602",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "micrologix 1400 b",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "21.001"
      },
      {
        "model": "micrologix 1400 a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "*"
      },
      {
        "model": "micrologix 1100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "*"
      },
      {
        "model": "rslogix 500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.001"
      },
      {
        "model": "micrologix 1100",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "rslogix 5000"
      },
      {
        "model": "micrologix 1400 a",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "micrologix 1400 b",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "21.001"
      },
      {
        "model": "rslogix 5000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "12.001"
      },
      {
        "model": "automation micrologix controllers series a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1400"
      },
      {
        "model": "automation micrologix controllers series b",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1400\u003c=21.001"
      },
      {
        "model": "automation micrologix controllers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1100"
      },
      {
        "model": "automation rslogix software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "500\u003c=12.001"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400 a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400 b",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1100",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "rslogix 500",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b318fbd6-4ce3-4a42-89c5-871b18c445f4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003037"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6984"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1100_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:rockwellautomation:rslogix_5000",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003037"
      }
    ]
  },
  "cve": "CVE-2020-6984",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-6984",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-003037",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-19524",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "b318fbd6-4ce3-4a42-89c5-871b18c445f4",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-185109",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-6984",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-003037",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-6984",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-003037",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-19524",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-555",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "b318fbd6-4ce3-4a42-89c5-871b18c445f4",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-185109",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-6984",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b318fbd6-4ce3-4a42-89c5-871b18c445f4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19524"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185109"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003037"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-555"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6984"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable. Rockwell Automation MicroLogix 1400 , MicroLogix 1100 controller, RSLogix 500 The software contains vulnerabilities in the use of cryptographic algorithms.Information may be obtained. Rockwell Automation MicroLogix 1400 Controllers Series A and others are products of Rockwell Automation (USA). MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-6984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003037"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19524"
      },
      {
        "db": "IVD",
        "id": "b318fbd6-4ce3-4a42-89c5-871b18c445f4"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185109"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6984"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-6984",
        "trust": 3.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-070-06",
        "trust": 3.2
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-555",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19524",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003037",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "46117",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "B318FBD6-4CE3-4A42-89C5-871B18C445F4",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-185109",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6984",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b318fbd6-4ce3-4a42-89c5-871b18c445f4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19524"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185109"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003037"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-555"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6984"
      }
    ]
  },
  "id": "VAR-202003-1602",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "b318fbd6-4ce3-4a42-89c5-871b18c445f4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19524"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185109"
      }
    ],
    "trust": 1.8345238
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b318fbd6-4ce3-4a42-89c5-871b18c445f4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19524"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:05:45.266000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://ab.rockwellautomation.com/"
      },
      {
        "title": "Patch for Multiple Rockwell Automation product encryption problem vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/210941"
      },
      {
        "title": "Multiple Rockwell Automation Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111870"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/critical-bugs-in-rockwell-johnson-controls-ics-gear/153602/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-19524"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003037"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-555"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-327",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185109"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003037"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6984"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6984"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6984"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/46117"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/327.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/critical-bugs-in-rockwell-johnson-controls-ics-gear/153602/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-19524"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185109"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003037"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-555"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6984"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "b318fbd6-4ce3-4a42-89c5-871b18c445f4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19524"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185109"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-6984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003037"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-555"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6984"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-10T00:00:00",
        "db": "IVD",
        "id": "b318fbd6-4ce3-4a42-89c5-871b18c445f4"
      },
      {
        "date": "2020-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-19524"
      },
      {
        "date": "2020-03-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185109"
      },
      {
        "date": "2020-03-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-6984"
      },
      {
        "date": "2020-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003037"
      },
      {
        "date": "2020-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-555"
      },
      {
        "date": "2020-03-16T16:15:14.670000",
        "db": "NVD",
        "id": "CVE-2020-6984"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-19524"
      },
      {
        "date": "2020-03-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185109"
      },
      {
        "date": "2020-03-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-6984"
      },
      {
        "date": "2020-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003037"
      },
      {
        "date": "2020-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-555"
      },
      {
        "date": "2024-11-21T05:36:26.053000",
        "db": "NVD",
        "id": "CVE-2020-6984"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-555"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Rockwell Automation Vulnerabilities in the use of cryptographic algorithms in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003037"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-555"
      }
    ],
    "trust": 0.6
  }
}

var-201510-0199
Vulnerability from variot

Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors. Allen-Bradley MicroLogix 1100 and 1400 devices contain a vulnerability in which the contents of an arbitrary file are inserted into a FRAME element. Supplementary information: the vulnerability type has been identified as CWE-434: Unrestricted Upload of File with Dangerous Type (unrestricted upload of dangerous types of files). http://cwe.mitre.org/data/definitions/434.html A remote authenticated user may insert the content of an arbitrary file into a FRAME element. The Allen-Bradley MicroLogix 1100 has a file insertion vulnerability in versions prior to B FRN 15.000, and the MicroLogix 1400 in versions prior to B FRN 15.003. Rockwell Automation 1766-L32 Series is a 1766-L32 series programmable logic controller (PLC) from Rockwell Automation. A remote file inclusion vulnerability exists in the Rockwell Automation 1766-L32 Series product, which is caused by the program's insufficient filtering of user-submitted input. An attacker could use this vulnerability to obtain sensitive information or execute arbitrary script code in the context of a Web process to control the application. This may allow the attacker to compromise the application; other attacks are also possible.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0199",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "micrologix 1400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "15.002"
      },
      {
        "model": "micrologix 1100",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "14.000"
      },
      {
        "model": "micrologix 1100",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "b frn 15.000"
      },
      {
        "model": "micrologix 1400",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "b frn 15.003"
      },
      {
        "model": "automation micrologix",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1100"
      },
      {
        "model": "automation micrologix",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1400"
      },
      {
        "model": "micrologix 1100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwellautomation",
        "version": "14.000"
      },
      {
        "model": "micrologix 1400",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwellautomation",
        "version": "15.002"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1100",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c716140-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-675"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6491"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1100_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005656"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ICS-CERT",
    "sources": [
      {
        "db": "BID",
        "id": "76357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-365"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-6491",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2015-6491",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2015-07305",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "7c716140-2351-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-84452",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-6491",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-6491",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-07305",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201510-675",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "7c716140-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84452",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c716140-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07305"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-675"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6491"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors. Allen-Bradley MicroLogix 1100 and 1400 devices contain a vulnerability in which the contents of an arbitrary file are inserted into a FRAME element. Supplementary information: the vulnerability type has been identified as CWE-434: Unrestricted Upload of File with Dangerous Type. http://cwe.mitre.org/data/definitions/434.html A remotely authenticated user may insert the content of an arbitrary file into a FRAME element. The Allen-Bradley MicroLogix 1100 has a file insertion vulnerability in versions prior to B FRN 15.000, and the MicroLogix 1400 in versions prior to B FRN 15.003. The Rockwell Automation 1766-L32 Series is a series of programmable logic controllers (PLCs) from Rockwell Automation. \nA remote file inclusion vulnerability exists in the Rockwell Automation 1766-L32 Series product, which is caused by the program\u0027s insufficient filtering of user-submitted input. An attacker could use this vulnerability to obtain sensitive information or execute arbitrary script code in the context of a Web process to control the application. This may allow the attacker to compromise the application; other attacks are also possible",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005656"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-365"
      },
      {
        "db": "BID",
        "id": "76357"
      },
      {
        "db": "IVD",
        "id": "7c716140-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84452"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6491",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-300-03",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "76357",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-675",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07305",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005656",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-365",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "7C716140-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-84452",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c716140-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07305"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84452"
      },
      {
        "db": "BID",
        "id": "76357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-675"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6491"
      }
    ]
  },
  "id": "VAR-201510-0199",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7c716140-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07305"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84452"
      }
    ],
    "trust": 1.7076923000000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c716140-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07305"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:44:49.733000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MicroLogix\u30b7\u30b9\u30c6\u30e0",
        "trust": 0.8,
        "url": "http://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-Systems"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005656"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005656"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6491"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-300-03"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6491"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6491"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/76357"
      },
      {
        "trust": 0.3,
        "url": "http://www.rockwellautomation.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07305"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84452"
      },
      {
        "db": "BID",
        "id": "76357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-675"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6491"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7c716140-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07305"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84452"
      },
      {
        "db": "BID",
        "id": "76357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-675"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6491"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-05T00:00:00",
        "db": "IVD",
        "id": "7c716140-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07305"
      },
      {
        "date": "2015-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84452"
      },
      {
        "date": "2015-08-13T00:00:00",
        "db": "BID",
        "id": "76357"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005656"
      },
      {
        "date": "2015-08-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201508-365"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-675"
      },
      {
        "date": "2015-10-28T10:59:13.887000",
        "db": "NVD",
        "id": "CVE-2015-6491"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07305"
      },
      {
        "date": "2015-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84452"
      },
      {
        "date": "2015-12-08T22:02:00",
        "db": "BID",
        "id": "76357"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005656"
      },
      {
        "date": "2015-08-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201508-365"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-675"
      },
      {
        "date": "2024-11-21T02:35:04.300000",
        "db": "NVD",
        "id": "CVE-2015-6491"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-675"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Allen-Bradley MicroLogix Arbitrary file insertion vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "7c716140-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07305"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "IVD",
        "id": "7c716140-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-675"
      }
    ],
    "trust": 0.8
  }
}

var-201510-0197
Vulnerability from variot

Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. There is a cross-site scripting vulnerability in the Allen-Bradley MicroLogix 1100 version prior to B FRN 15.000 and the 1400 version prior to B FRN 15.003. Multiple Rockwell Automation MicroLogix products are prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability; 2. A denial-of-service vulnerability; 3. A cross-site scripting vulnerability; 4. An SQL-injection vulnerability. This entry describes the third of these; the impacts listed next are those of the whole set, not of the cross-site scripting issue alone. An attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0197",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "micrologix 1400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "15.002"
      },
      {
        "model": "micrologix 1100",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "14.000"
      },
      {
        "model": "micrologix 1100",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "b frn 15.000"
      },
      {
        "model": "micrologix 1400",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "b frn 15.003"
      },
      {
        "model": "automation micrologix",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1100"
      },
      {
        "model": "automation micrologix",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1400"
      },
      {
        "model": "micrologix 1100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwellautomation",
        "version": "14.000"
      },
      {
        "model": "micrologix 1400",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwellautomation",
        "version": "15.002"
      },
      {
        "model": "automation micrologix 1766-lk32bwa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxba series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxba series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxb series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bxb series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bwaa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bwaa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32bwa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awaa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awaa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1766-l32awa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.002"
      },
      {
        "model": "automation micrologix 1763-l16dwd series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16dwd series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bwa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bwa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bbb series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16bbb series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16awa series b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix 1763-l16awa series a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110014.0"
      },
      {
        "model": "automation micrologix frn series b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "140015.003"
      },
      {
        "model": "automation micrologix frn series b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "110015.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1100",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07303"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-673"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6488"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1100_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005654"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ilya Karpov of Positive Technologies, David Atch of CyberX, and Aditya Sood",
    "sources": [
      {
        "db": "BID",
        "id": "77333"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-6488",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-6488",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-07303",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "7c64c1b0-2351-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-84449",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-6488",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-6488",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-07303",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201510-673",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "7c64c1b0-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84449",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07303"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-673"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6488"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. There is a cross-site scripting vulnerability in the Allen-Bradley MicroLogix 1100 version prior to B FRN 15.000 and the 1400 version prior to B FRN 15.003. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A denial-of-service vulnerability\n3. A cross-site scripting vulnerability\n4. An SQL-injection vulnerability\nAn attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the  affected site, steal cookie-based authentication credentials and compromise the  application, access or modify data, or exploit latent vulnerabilities in  the underlying database",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6488"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005654"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07303"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "IVD",
        "id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84449"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6488",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-300-03",
        "trust": 3.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-673",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07303",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005654",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "77333",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "7C64C1B0-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-84449",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07303"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84449"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-673"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6488"
      }
    ]
  },
  "id": "VAR-201510-0197",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07303"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84449"
      }
    ],
    "trust": 1.7076923000000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07303"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:44:49.685000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MicroLogix\u30b7\u30b9\u30c6\u30e0",
        "trust": 0.8,
        "url": "http://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-Systems"
      },
      {
        "title": "Rockwell Automation Allen-Bradley MicroLogix 1100  and 1400 Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58477"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-673"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005654"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6488"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-300-03"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6488"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6488"
      },
      {
        "trust": 0.3,
        "url": "http://www.rockwellautomation.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07303"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84449"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-673"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6488"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07303"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84449"
      },
      {
        "db": "BID",
        "id": "77333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-673"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6488"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-05T00:00:00",
        "db": "IVD",
        "id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07303"
      },
      {
        "date": "2015-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84449"
      },
      {
        "date": "2015-10-27T00:00:00",
        "db": "BID",
        "id": "77333"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005654"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-673"
      },
      {
        "date": "2015-10-28T10:59:11.967000",
        "db": "NVD",
        "id": "CVE-2015-6488"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07303"
      },
      {
        "date": "2015-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84449"
      },
      {
        "date": "2015-10-27T00:00:00",
        "db": "BID",
        "id": "77333"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005654"
      },
      {
        "date": "2015-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-673"
      },
      {
        "date": "2024-11-21T02:35:04.060000",
        "db": "NVD",
        "id": "CVE-2015-6488"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-673"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Allen-Bradley MicroLogix Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "7c64c1b0-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07303"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-673"
      }
    ],
    "trust": 0.6
  }
}

var-202003-1613
Vulnerability from variot

Affected products: Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior; MicroLogix 1400 Controllers Series A, all versions; MicroLogix 1100 Controller, all versions; and RSLogix 500 Software v12.001 and prior. The cryptographic key utilized to help protect the account password is hard-coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use them for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller. Rockwell Automation MicroLogix 1400 and MicroLogix 1100 controllers and the RSLogix 500 software contain a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (a denial-of-service (DoS) condition). Rockwell Automation MicroLogix 1400 Controllers Series A and others are products of Rockwell Automation (USA). Rockwell Automation MicroLogix 1400 Controllers Series A is a programmable logic controller. MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems.

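A trust management vulnerability exists in multiple Rockwell Automation products. It stems from a hard-coded encryption key in the RSLogix 500 binary file that is used to protect the account password. Note that the structured record below is not fully consistent with this text: the CPE configuration sourced from JVNDB lists `cpe:/a:rockwellautomation:rslogix_5000`, and two `affected_products` entries name "rslogix 5000", whereas the description and the other product entries name RSLogix 500. Confirm the affected software against the vendor advisory (ICSA-20-070-06) before relying on automated product matching.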



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1613",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "micrologix 1400 b",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "21.001"
      },
      {
        "model": "micrologix 1400 a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "*"
      },
      {
        "model": "micrologix 1100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "*"
      },
      {
        "model": "rslogix 500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.001"
      },
      {
        "model": "micrologix 1100",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "rslogix 5000"
      },
      {
        "model": "micrologix 1400 a",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "micrologix 1400 b",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "21.001"
      },
      {
        "model": "rslogix 5000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "12.001"
      },
      {
        "model": "automation micrologix controllers series a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1400"
      },
      {
        "model": "automation micrologix controllers series b",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1400\u003c=21.001"
      },
      {
        "model": "automation micrologix controllers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1100"
      },
      {
        "model": "automation rslogix software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "500\u003c=12.001"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400 a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1400 b",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "micrologix 1100",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "rslogix 500",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d0fad42-360f-41a5-991b-69082cdd59c7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003039"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6990"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1100_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_b_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:rockwellautomation:rslogix_5000",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003039"
      }
    ]
  },
  "cve": "CVE-2020-6990",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-6990",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-003039",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-19523",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "7d0fad42-360f-41a5-991b-69082cdd59c7",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-185115",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-6990",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-003039",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-6990",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-003039",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-19523",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-558",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "7d0fad42-360f-41a5-991b-69082cdd59c7",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-185115",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d0fad42-360f-41a5-991b-69082cdd59c7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19523"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-558"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6990"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller. Rockwell Automation MicroLogix 1400 , MicroLogix 1100 controller, RSLogix 500 The software contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Rockwell Automation MicroLogix 1400 Controllers Series A and others are products of Rockwell Automation (USA). Rockwell Automation MicroLogix 1400 Controllers Series A is a programmable logic controller. MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set of programming software for industrial control systems. \n\r\n\r\nVulnerabilities in trust management issues exist in many Rockwell Automation products. The vulnerability stems from the RSLogix 500 binary file with a hard-coded encryption key used to protect the account password",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-6990"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003039"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19523"
      },
      {
        "db": "IVD",
        "id": "7d0fad42-360f-41a5-991b-69082cdd59c7"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185115"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-6990",
        "trust": 3.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-070-06",
        "trust": 3.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-558",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19523",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003039",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "46115",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "7D0FAD42-360F-41A5-991B-69082CDD59C7",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-185115",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d0fad42-360f-41a5-991b-69082cdd59c7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19523"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-558"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6990"
      }
    ]
  },
  "id": "VAR-202003-1613",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d0fad42-360f-41a5-991b-69082cdd59c7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19523"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185115"
      }
    ],
    "trust": 1.8345238
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d0fad42-360f-41a5-991b-69082cdd59c7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19523"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:05:45.376000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://ab.rockwellautomation.com/"
      },
      {
        "title": "Patch for Multiple Rockwell Automation product trust management issues",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/210939"
      },
      {
        "title": "Multiple Rockwell Automation Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111504"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-19523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-558"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-321",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003039"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6990"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-06"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6990"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6990"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/46115"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-19523"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-558"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6990"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d0fad42-360f-41a5-991b-69082cdd59c7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-19523"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-558"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6990"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-10T00:00:00",
        "db": "IVD",
        "id": "7d0fad42-360f-41a5-991b-69082cdd59c7"
      },
      {
        "date": "2020-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-19523"
      },
      {
        "date": "2020-03-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185115"
      },
      {
        "date": "2020-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003039"
      },
      {
        "date": "2020-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-558"
      },
      {
        "date": "2020-03-16T16:15:14.843000",
        "db": "NVD",
        "id": "CVE-2020-6990"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-19523"
      },
      {
        "date": "2020-03-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185115"
      },
      {
        "date": "2020-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003039"
      },
      {
        "date": "2020-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-558"
      },
      {
        "date": "2024-11-21T05:36:26.807000",
        "db": "NVD",
        "id": "CVE-2020-6990"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-558"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerabilities in the use of hard-coded credentials in multiple Rockwell Automation products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003039"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-558"
      }
    ],
    "trust": 0.6
  }
}

CVE-2022-2179 (GCVE-0-2022-2179)
Vulnerability from cvelistv5
Published
2022-07-20 15:36
Modified
2025-04-16 16:14
CWE
Summary
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:07.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2179",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:51:04.270712Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:14:37.655Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MicroLogix 1400",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "21.007",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MicroLogix 1100",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Pawan V. Sable and Pranita Binnar from Veermata Jijabai Technological Institute (VJTI) reported this vulnerability to Rockwell Automation."
        }
      ],
      "datePublic": "2022-07-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-20T15:36:32.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames",
      "workarounds": [
        {
          "lang": "en",
          "value": "Rockwell Automation encourages those using the affected software to implement the mitigations below to minimize risk. Additionally, Rockwell Automation encourages users to combine risk mitigations with security best practices (also provided below) to deploy a defense-in-depth strategy.\n\n    Disable the web server where possible (this component is an optional feature and disabling it will not disrupt the intended use of the device).\n    Configure firewalls to disallow network communication through HTTP/Port 80\n\nIf applying the mitigations noted above are not possible, please see Rockwell Automation\u2019s Knowledgebase article QA43240 Security Best Practices.\n\nFor more information, please see the industrial security advisory from Rockwell Automation."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2022-07-19T20:09:00.000Z",
          "ID": "CVE-2022-2179",
          "STATE": "PUBLIC",
          "TITLE": "ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MicroLogix 1400",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "21.007"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MicroLogix 1100",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rockwell Automation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Pawan V. Sable and Pranita Binnar from Veermata Jijabai Technological Institute (VJTI) reported this vulnerability to Rockwell Automation."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1021"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01",
              "refsource": "CONFIRM",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01"
            },
            {
              "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994",
              "refsource": "CONFIRM",
              "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Rockwell Automation encourages those using the affected software to implement the mitigations below to minimize risk. Additionally, Rockwell Automation encourages users to combine risk mitigations with security best practices (also provided below) to deploy a defense-in-depth strategy.\n\n    Disable the web server where possible (this component is an optional feature and disabling it will not disrupt the intended use of the device).\n    Configure firewalls to disallow network communication through HTTP/Port 80\n\nIf applying the mitigations noted above are not possible, please see Rockwell Automation\u2019s Knowledgebase article QA43240 Security Best Practices.\n\nFor more information, please see the industrial security advisory from Rockwell Automation."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-2179",
    "datePublished": "2022-07-20T15:36:33.007Z",
    "dateReserved": "2022-06-22T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:14:37.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-3166 (GCVE-0-2022-3166)
Vulnerability from cvelistv5
Published
2022-12-16 19:59
Modified
2025-04-17 15:30
CWE
  • CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Summary
Rockwell Automation was made aware that the web servers of the MicroLogix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. An attacker with network access to the affected systems could exploit the vulnerability by sending TCP packets to the web server and closing it abruptly, which would cause a denial-of-service condition for the web server application on the device.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:00:10.526Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137678"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3166",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-17T15:30:04.669128Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T15:30:27.677Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MicroLogix 1100",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MicroLogix 1400-B/C",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "21.007 and below"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MicroLogix 1400-A",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "7.000 and below"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Parul Sindhwad and Dr. Faruk Kazi of CoE-CNDS Lab, VJTI, Mumbai, India reported this vulnerability to Rockwell Automation"
        }
      ],
      "datePublic": "2022-12-13T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to webserver and closing it abruptly which would cause a denial-of-service condition for the web server application on the device\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nRockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to webserver and closing it abruptly which would cause a denial-of-service condition for the web server application on the device\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-176",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-176 Configuration/Environment Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-924",
              "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-19T14:08:16.124Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137678"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "MicroLogix 1100 \u0026 1400 Product Web Server Application Vulnerable to Denial-Of-Service Condition Attack",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2022-3166",
    "datePublished": "2022-12-16T19:59:25.261Z",
    "dateReserved": "2022-09-08T13:39:09.263Z",
    "dateUpdated": "2025-04-17T15:30:27.677Z",
    "requesterUserId": "20b06643-9bf3-4d1d-a98d-f8db99f95a31",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}