Vendor: Rockwell Scada System
By: t4rkd3vilz
CVSS: 6.1 (MEDIUM)
Type: Cross-Site Scripting
CWE: 79
Product Name: Rockwell Scada System
Affected Version From: 1769-L16ER-BB1B, Version 27.011 and earlier
Affected Version To: 1769-L36ERM, Version 27.011 and earlier
Patch Exists: YES
Related CVE: CVE-2016-2279
CPE: 2.3:a:rockwell_automation:rockwell_scada_system
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows Machine and Chrome, Firefox explorer
Year: 2018

Rockwell Scada System – Cross-Site Scripting

A Cross-Site Scripting (XSS) vulnerability was discovered in Rockwell Scada System. The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'name' parameter to the '/rokform/SysDataDetail' script. A remote attacker can execute arbitrary HTML and script code in a victim's browser in the context of the vulnerable website. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

Input validation should be used to prevent Cross-Site Scripting attacks. The application should sanitize all user-supplied input to prevent malicious HTML and script code from being executed.
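One way to spot requests that abuse this parameter, as an added example that is not part of the original advisory: the script scans access-log lines for requests to '/rokform/SysDataDetail' whose 'name' value fails a strict allow-list, decoding repeatedly so double-encoded markup is caught. The log source (a reverse proxy in front of the controller writing Common Log Format), the allow-list pattern and the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

VULN_PATH = "/rokform/SysDataDetail"  # script named in the advisory
PARAM = "name"                         # parameter named in the advisory
# Assumption: legitimate values are short plain identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9 _.\-]{1,64}")
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')  # CLF request

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_name(request_target):
    """Return the decoded 'name' value if it fails the allow-list, else None."""
    parts = urlsplit(request_target)
    if parts.path.rstrip("/").lower() != VULN_PATH.lower():
        return None
    for key, value in parse_qsl(parts.query):
        decoded = fully_decode(value)
        if key.lower() == PARAM and not SAFE_VALUE.fullmatch(decoded):
            return decoded
    return None

def scan(log_lines):
    """Return (client, decoded value) for each request that needs review."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        bad = suspicious_name(match.group(2)) if match else None
        if bad is not None:
            hits.append((match.group(1), bad))
    return hits

# Constructed sample lines (documentation addresses), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/May/2018:10:00:00 +0000] "GET /rokform/SysDataDetail?name=Controller_1 HTTP/1.1" 200 512',
    '192.0.2.44 - - [16/May/2018:10:00:05 +0000] "GET /rokform/SysDataDetail?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 530',
    '192.0.2.44 - - [16/May/2018:10:00:09 +0000] "GET /rokform/SysDataDetail?name=%253Cb%253E HTTP/1.1" 200 530',
    '192.0.2.10 - - [16/May/2018:10:00:12 +0000] "GET /index.html?name=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The same allow-list can be enforced at the proxy to reject such requests before they reach the controller.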

Exploit-DB raw data:

# Exploit Title: Rockwell Scada System - Cross-Site Scripting
# Date: 2018-05-16
# Exploit Author: t4rkd3vilz
# Vendor Homepage: https://rockwellautomation.com/
# Software Link: http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=4
# Version: 1769-L16ER-BB1B, Version 27.011 and earlier, 1769-L18ER-BB1B, Version 27.011 and earlier, 
# 1769-L18ERM-BB1B, Version 27.011 and earlier, 1769-L24ER-QB1B, 
# Version 27.011 and earlier, 1769-L24ER-QBFC1B
# Version 27.011 and earlier, 1769-L27ERM-QBFC1B, Version 27.011 and earlier 
# 1769-L30ER Version 27.011 and earlier, 1769-L30ERM, Version 27.011 and earlier, 
# 1769-L30ER-NSE, Version 27.011 and earlier
# 1769-L33ER Version 27.011 and earlier, 1769-L33ERM, Version 27.011 and earlier, 1769-L36ERM, Version 27.011 and earlier 
# 1769-L23E-QB1B, Version 20.018 and earlier (Discontinued June 2016), and 1769-L23E-QBFC1B, Version 20.018 and earlier 
# (Discontinued June 2016).
# Tested on: Windows Machine and Chrome,Firefox explorer
# CVE : CVE-2016-2279

# PoC 
http://TargetIP/rokform/SysDataDetail?name=<<script>alert(1);</script>