CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0472
https://notcve.org/view.php?id=CVE-2009-0472
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de ejecución de comandos en sitios cruzados en el interfaz web en el módulo Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores sin especificar. • http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729 http://secunia.com/advisories/33783 http://www.kb.cert.org/vuls/id/882619 http://www.securityfocus.com/bid/33638 http://www.vupen.com/english/advisories/2009/0347 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0474
https://notcve.org/view.php?id=CVE-2009-0474
The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to obtain "internal web page information" and "internal information about the module" via unspecified vectors. NOTE: this may overlap CVE-2002-1603. El interfaz web en el módulo Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge permite a atacantes remotos obtener "información de la pagina web interna" y "información interna del módulo" a través de vectores desconocidos. NOTA: esta vulnerabilidad puede solaparse con CVE-2002-1603. • http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729 http://secunia.com/advisories/33783 http://www.kb.cert.org/vuls/id/124059 http://www.kb.cert.org/vuls/id/RGII-7MWKZ3 http://www.vupen.com/english/advisories/2009/0347 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2009-0473
https://notcve.org/view.php?id=CVE-2009-0473
Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en el interfaz web en el módulo Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge permite a atacantes remotos redireccionar a usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de vectores no especificados. • https://github.com/akbarq/CVE-2009-0473-check http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729 http://secunia.com/advisories/33783 http://www.kb.cert.org/vuls/id/619499 http://www.securityfocus.com/bid/33636 http://www.vupen.com/english/advisories/2009/0347 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •