Medium severity6.1NVD Advisory· Published Mar 2, 2016· Updated May 6, 2026
CVE-2016-2279
CVE-2016-2279
Description
Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected products
23- cpe:2.3:o:rockwellautomation:compactlogix_1769-l23e-qb1b_firmware:*:*:*:*:*:*:*:*Range: <=20.018
- cpe:2.3:o:rockwellautomation:compactlogix_1769-l23e-qbfc1b_firmware:*:*:*:*:*:*:*:*Range: <=20.018
- cpe:2.3:o:rockwellautomation:compactlogix_1756-en2f_series_a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:rockwellautomation:compactlogix_1756-en2f_series_b_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:rockwellautomation:compactlogix_1756-en2t_series_a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:rockwellautomation:compactlogix_1756-en2t_series_b_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:rockwellautomation:compactlogix_1756-en2t_series_c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:rockwellautomation:compactlogix_1756-en2t_series_d_firmware:*:*:*:*:*:*:*:*Range: <=10.007
- cpe:2.3:o:rockwellautomation:compactlogix_1756-en2tr_series_a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:rockwellautomation:compactlogix_1756-en2tr_series_b_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:rockwellautomation:compactlogix_1756-en3tr_series_a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:rockwellautomation:compactlogix_1769-l16er-bb1b_firmware:*:*:*:*:*:*:*:*Range: <=27.011
- cpe:2.3:o:rockwellautomation:compactlogix_1769-l18er-bb1b_firmware:*:*:*:*:*:*:*:*Range: <=27.011
- cpe:2.3:o:rockwellautomation:compactlogix_1769-l18erm-bb1b_firmware:*:*:*:*:*:*:*:*Range: <=27.011
- cpe:2.3:o:rockwellautomation:compactlogix_1769-l24er-qb1b_firmware:*:*:*:*:*:*:*:*Range: <=27.011
- cpe:2.3:o:rockwellautomation:compactlogix_1769-l24er-qbfc1b_firmware:*:*:*:*:*:*:*:*Range: <=27.011
- cpe:2.3:o:rockwellautomation:compactlogix_1769-l27erm-qbfc1b_firmware:*:*:*:*:*:*:*:*Range: <=27.011
- cpe:2.3:o:rockwellautomation:compactlogix_1769-l30er_firmware:*:*:*:*:*:*:*:*Range: <=27.011
- cpe:2.3:o:rockwellautomation:compactlogix_1769-l30erm_firmware:*:*:*:*:*:*:*:*Range: <=27.011
- cpe:2.3:o:rockwellautomation:compactlogix_1769-l30er-nse_firmware:*:*:*:*:*:*:*:*Range: <=27.011
- cpe:2.3:o:rockwellautomation:compactlogix_1769-l33er_firmware:*:*:*:*:*:*:*:*Range: <=27.011
- cpe:2.3:o:rockwellautomation:compactlogix_1769-l33erm_firmware:*:*:*:*:*:*:*:*Range: <=27.011
- cpe:2.3:o:rockwellautomation:compactlogix_1769-l36erm_firmware:*:*:*:*:*:*:*:*Range: <=27.011
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.exploit-db.com/exploits/44626/nvdExploitThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1035190nvdBroken LinkThird Party AdvisoryVDB Entry
- ics-cert.us-cert.gov/advisories/ICSA-16-061-02nvdThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.