PT-2015-2585 · Allen Bradley · Allen-Bradley Micrologix 1400+1

Ilya Karpov · Published 2015-10-28 · Updated 2015-10-28 · CVE-2015-6488

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Allen-Bradley MicroLogix 1100 versions before B FRN 15.000
Allen-Bradley MicroLogix 1400 versions before B FRN 15.003

Description

The issue is related to a cross-site scripting (XSS) vulnerability in the web server of the affected devices. This vulnerability exists due to the lack of protection for the web page structure, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. Exploitation of this vulnerability may enable an attacker to execute arbitrary code when a user navigates to a specially crafted link.

Recommendations

For Allen-Bradley MicroLogix 1100 versions before B FRN 15.000, update to version B FRN 15.000 or later.
For Allen-Bradley MicroLogix 1400 versions before B FRN 15.003, update to version B FRN 15.003 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2015-11950
BDU:2016-01725
CVE-2015-6488

Affected Products

Allen-Bradley Micrologix 1100
Allen-Bradley Micrologix 1400