Rockwell.Automation.Controller.Open.Redirect

description-logoDescription

This indicates an attack attempt to exploit an Open Redirect vulnerability in Rockwell Automation Controllers.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. An attacker can exploit this by tricking an unsuspecting user into opening an crafted URL, leading to further attacks.

affected-products-logoAffected Products

MicroLogix 1400 Controllers Series A, All Versions
MicroLogix 1400 Controllers Series B, v15.002 and earlier
MicroLogix 1100 Controllers v14.00 and earlier
CompactLogix 5370 L1 controllers v30.014 and earlier
CompactLogix 5370 L2 controllers v30.014 and earlier
CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier

Impact logoImpact

System Compromise: Remote attackers redirect users to attacker-controlled websites, tricking users into disclosing sensitive information or executing arbitrary code leading to a system compromise.

recomended-action-logoRecommended Actions

Refer to the vendor's advisory for updates:
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1086288 (Login required)

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-06-06 14.627 Severity:high:medium
2019-05-24 14.620 Default_action:pass:drop
2019-05-10 14.612