PT-2015-16: Cross-site scripting in Rockwell Automation Micrologix 1100 and 1400 PLC
Version: Series B before FRN 15.000
Version: Series B before FRN 15.003
Severity level: Medium
Impact: Cross-site scripting
Access Vector: Remote
Base Score: 4.3
Rockwell Automation Micrologix 1100 and 1400 are programmable logic controllers.
The specialists of the Positive Research center have detected a Cross-site scripting vulnerability in Rockwell Automation Micrologix 1100 and 1400 PLC.
How to fix
Update the firmware of your device to the latest version
11.06.2015 - Vendor gets vulnerability details
27.10.2015 - Vendor releases fixed version and details
03.12.2015 - Public disclosure
The vulnerability was detected by Ilya Karpov, Positive Research Center (Positive Technologies Company)
Reports on the vulnerabilities previously discovered by Positive Research: