Vulnerability in Rockwell Automation ControlLogix 1756-ENBT/A Bridge

February 12th, 2009

This is an important note to those who are still using the older Rockwell Automation (Allen Bradley) 1756-ENBT/A bridge for EtherNet/IP — there seems to be a “Potential Security Vulnerability” for the module.

Here is the full description of the vulnerability (per Rockwell’s official support site):

  • The potential for cross-site scripting, which could allow the Product to be used in a social engineering attack. An attacker could potentially craft a URL that looked as if it would take a user to the Product, but would instead execute script from a different location. A successful attack would require the attacker to transmit the crafted URL to a user with access to the web interface of the Product and to convince that user to open the URL.
  • The potential for web redirection, which could allow the Product to be used in a social engineering attack. An attacker could potentially craft a URL that looked as if it would take a user to the Product, but would actually direct the browser to a different location. A successful attack would require the attacker to transmit the crafted URL to a user with access to the web interface of the Product and to convince that user to open the URL.
  • The potential for exposure of some of the Product’s internal web page information. While this does not directly present a functional vulnerability, it does expose some internal information about the module.

The new firmware scheduled for July 2009 will fix this vulnerability. They have suggested that the use of IE8 (beta) and Firefox may help prevent the cross-site scripting attacks.
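Until the firmware is updated, links that point at the module can be screened (for example at a mail gateway or web proxy) before users open them. The sketch below is an added example, not code from Rockwell or from the original post; the device hosts, paths and parameter names are constructed, and the advisory does not say which pages or parameters are affected.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: hosts of module web interfaces on your network (constructed values).
DEVICE_HOSTS = {"192.168.1.20", "enbt-line3.plant.example"}
SCRIPT_MARKERS = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)
ABSOLUTE_URL = re.compile(r"^(?:[a-z][a-z0-9+.-]*:)?//", re.IGNORECASE)


def _host(url):
    """Lower-cased host of a URL, or '' when it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def _decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are inspected too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def review_link(url):
    """Findings for a link to a listed device; an empty list means nothing was flagged."""
    host = _host(url)
    if host not in DEVICE_HOSTS:
        return []  # Not a link to a module web interface: out of scope here.
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    values += [parts.path, parts.fragment]
    findings = set()
    for raw in values:
        value = _decode(raw).strip()
        if SCRIPT_MARKERS.search(value):
            findings.add("script-markup")  # Cross-site scripting indicator.
        if ABSOLUTE_URL.match(value):
            target = _host(value)
            if target and target != host:
                findings.add("off-device-url:" + target)  # Redirection indicator.
    return sorted(findings)
```

This is a heuristic filter for the social engineering step the advisory describes, so a flagged link warrants review rather than proving an attack.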

US-CERT reports it with Vulnerability Note VU#882619 here.

[Update: US-CERT also reports VU#619499 Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge URL Redirection Vulnerability]

Full list of control system vulnerabilities from 2007-present can be seen here.
