Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-6492 (GCVE-0-2015-6492)
Vulnerability from cvelistv5 – Published: 2015-10-28 10:00 – Updated: 2024-08-06 07:22
VLAI?
EPSS
Summary
Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2015-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-28T02:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-6492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-6492",
"datePublished": "2015-10-28T10:00:00.000Z",
"dateReserved": "2015-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:22:22.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2015-6492",
"date": "2026-04-19",
"epss": "0.09975",
"percentile": "0.93056"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-6492\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2015-10-28T10:59:14.920\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.\"},{\"lang\":\"es\",\"value\":\"Dispositivos Allen-Bradley MicroLogix 1100 en versiones anteriores a B FRN 15.000 y dispositivos 1400 en versiones anteriores a B FRN 15.003 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda del dispositivo) a trav\u00e9s de una petici\u00f3n HTTP manipualda.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"14.000\",\"matchCriteriaId\":\"38474485-5A69-4BE0-B682-5E03D8C4512B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"15.002\",\"matchCriteriaId\":\"DD8B0119-A401-4F4B-BF4A-D1D1C927F4C2\"}]}]}],\"references\":[{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
CNVD-2015-07306
Vulnerability from cnvd - Published: 2015-11-05
VLAI Severity ?
Title
Allen-Bradley MicroLogix拒绝服务漏洞
Description
Allen-Bradley MicroLogix是美国罗克韦尔(Rockwell Automation)公司的可编程逻辑控制器(PLC)。
Allen-Bradley MicroLogix 1100在B FRN 15.000之前的版本和1400在B FRN 15.003之前的版本,存在拒绝服务漏洞。允许远程攻击者,通过精心编制的HTTP请求,发起拒绝服务攻击。
Severity
高
Formal description
目前没有详细的解决方案,请到厂商的主页下载: http://www.rockwellautomation.com
Reference
https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03
Impacted products
| Name | ['Rockwell Automation Micrologix 1100', 'Rockwell Automation Micrologix 1400'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-6492"
}
},
"description": "Allen-Bradley MicroLogix\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u3002\r\n\r\nAllen-Bradley MicroLogix 1100\u5728B FRN 15.000\u4e4b\u524d\u7684\u7248\u672c\u548c1400\u5728B FRN 15.003\u4e4b\u524d\u7684\u7248\u672c\uff0c\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\uff0c\u901a\u8fc7\u7cbe\u5fc3\u7f16\u5236\u7684HTTP\u8bf7\u6c42\uff0c\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
"discovererName": "Ilya Karpov\uff0cDavid Atch\uff0cAditya Sood",
"formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.rockwellautomation.com",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-07306",
"openTime": "2015-11-05",
"products": {
"product": [
"Rockwell Automation Micrologix 1100",
"Rockwell Automation Micrologix 1400"
]
},
"referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03",
"serverity": "\u9ad8",
"submitTime": "2015-10-30",
"title": "Allen-Bradley MicroLogix\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
tid-211
Vulnerability from emb3d
Type
Description
If a device does not have a mechanism to authenticate firmware updates, a threat actor may be able to install malicious or corrupt firmware on the device. In such cases, an adversary may craft a customized or maliciously modified firmware update package that, if properly formed, the device will install it without challenge. The unauthorized firmware could then be used to (i) “brick” the device and prevent it from being reset, (ii) install malicious logic on the device, including to gain persistence, or (iii) enable access to ease reverse engineering the device to identify remotely exploitable vulnerabilities, depending on how the firmware was formed and how the target device responds to it. Devices that perform only error checking of update packages prior to installation (e.g., parity checks, hash checks without a cryptographic signature, etc.) will be susceptible to this threat. This threat also includes any firmware authentication mechanisms that are not enforced on the device. If devices don’t check firmware integrity/download command authenticity on-device, threat actors may be able to falsely attest that their firmware is secure, thereby bypassing firmware integrity checks. One mechanism through which threat actors could perform this action is by taking advantage of a device’s reliance on a separate management device or service to check firmware. Threat actors may be able to spoof the management device firmware check and successfully initiate a malicious firmware download.
CWE
- CWE-306: Missing Authentication for Critical Function
GHSA-W665-2M7X-QM3J
Vulnerability from github – Published: 2022-05-17 04:03 – Updated: 2022-05-17 04:03
VLAI?
Details
Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.
{
"affected": [],
"aliases": [
"CVE-2015-6492"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-10-28T10:59:00Z",
"severity": "HIGH"
},
"details": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.",
"id": "GHSA-w665-2m7x-qm3j",
"modified": "2022-05-17T04:03:56Z",
"published": "2022-05-17T04:03:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6492"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03"
}
],
"schema_version": "1.4.0",
"severity": []
}
ICSA-15-300-03A
Vulnerability from csaf_cisa - Published: 2015-07-30 06:00 - Updated: 2025-06-09 16:26Summary
Rockwell Automation Micrologix 1100 and 1400 PLC Systems Vulnerabilities (Update A)
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
9.8 (Critical)
Mitigation
Update to the latest versions. (http://infiniteautomation.com/index.php/download)
http://infiniteautomation.com/index.php/download
7.5 (High)
Mitigation
Update to the latest versions. (http://infiniteautomation.com/index.php/download)
http://infiniteautomation.com/index.php/download
4.6 (Medium)
Mitigation
Update to the latest versions. (http://infiniteautomation.com/index.php/download)
http://infiniteautomation.com/index.php/download
4.7 (Medium)
Mitigation
Update to the latest versions. (http://infiniteautomation.com/index.php/download)
http://infiniteautomation.com/index.php/download
CWE-89
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Mitigation
Update to the latest versions. (http://infiniteautomation.com/index.php/download)
http://infiniteautomation.com/index.php/download
References
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-15-300-03A JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2015/icsa-15-300-03a.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-15-300-03A - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-300-03a"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
}
],
"title": "Rockwell Automation Micrologix 1100 and 1400 PLC Systems Vulnerabilities (Update A)",
"tracking": {
"current_release_date": "2025-06-09T16:26:55.984078Z",
"generator": {
"date": "2025-06-09T16:26:55.983961Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-15-300-03A",
"initial_release_date": "2015-07-30T06:00:00.000000Z",
"revision_history": [
{
"date": "2015-07-30T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2025-06-09T16:26:55.984078Z",
"legacy_version": "CSAF Conversion",
"number": "2",
"summary": "Advisory converted into a CSAF"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=14.000",
"product": {
"name": "Rockwell Micrologix 1100 PLC Series A, B: \u003c=14.000",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Micrologix 1100 PLC Series A, B"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=15.002",
"product": {
"name": "Rockwell Micrologix 1400 PLC Series A, B: \u003c=15.002",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Micrologix 1400 PLC Series A, B"
}
],
"category": "vendor",
"name": "Rockwell"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-6490",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest versions. (http://infiniteautomation.com/index.php/download)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://infiniteautomation.com/index.php/download"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2015-6492",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest versions. (http://infiniteautomation.com/index.php/download)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://infiniteautomation.com/index.php/download"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2015-6491",
"cwe": {
"id": "CWE-434",
"name": "Unrestricted Upload of File with Dangerous Type"
},
"notes": [
{
"category": "summary",
"text": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest versions. (http://infiniteautomation.com/index.php/download)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://infiniteautomation.com/index.php/download"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2015-6488",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest versions. (http://infiniteautomation.com/index.php/download)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://infiniteautomation.com/index.php/download"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2015-6486",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest versions. (http://infiniteautomation.com/index.php/download)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://infiniteautomation.com/index.php/download"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
FKIE_CVE-2015-6492
Vulnerability from fkie_nvd - Published: 2015-10-28 10:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03 | Patch, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rockwellautomation | micrologix_1100_firmware | * | |
| rockwellautomation | micrologix_1400_firmware | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38474485-5A69-4BE0-B682-5E03D8C4512B",
"versionEndIncluding": "14.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8B0119-A401-4F4B-BF4A-D1D1C927F4C2",
"versionEndIncluding": "15.002",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request."
},
{
"lang": "es",
"value": "Dispositivos Allen-Bradley MicroLogix 1100 en versiones anteriores a B FRN 15.000 y dispositivos 1400 en versiones anteriores a B FRN 15.003 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda del dispositivo) a trav\u00e9s de una petici\u00f3n HTTP manipualda."
}
],
"id": "CVE-2015-6492",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-28T10:59:14.920",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
BDU:2015-11947
Vulnerability from fstec - Published: 28.10.2015
VLAI Severity ?
Title
Уязвимость микропрограммного обеспечения программируемых логических контроллеров Micrologix 1100 и 1400, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость микропрограммного обеспечения программируемых логических контроллеров Micrologix 1100 и 1400 вызвана переполнением буфера. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании с помощью специально сформированного HTTP-запроса
Severity ?
Vendor
Rockwell Automation Inc.
Software Name
Micrologix 1100, MicroLogix 1400
Software Version
до FRN 15.000 (Micrologix 1100), до FRN 15.003 (MicroLogix 1400)
Possible Mitigations
Обновление микропрограммного обеспечения до более новой версии, доступной по адресу:
http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=30&crumb=112
Reference
https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03
CWE
CWE-119
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Rockwell Automation Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e FRN 15.000 (Micrologix 1100), \u0434\u043e FRN 15.003 (MicroLogix 1400)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443:\nhttp://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=30\u0026crumb=112",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.10.2015",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.11.2015",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-11947",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2015-6492",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Micrologix 1100, MicroLogix 1400",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 Micrologix 1100 \u0438 1400, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 Micrologix 1100 \u0438 1400 \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
GSD-2015-6492
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-6492",
"description": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.",
"id": "GSD-2015-6492"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-6492"
],
"details": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request.",
"id": "GSD-2015-6492",
"modified": "2023-12-13T01:20:04.388516Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-6492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.002",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.000",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-6492"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2015-10-28T21:03Z",
"publishedDate": "2015-10-28T10:59Z"
}
}
}
VAR-201510-0200
Vulnerability from variot - Updated: 2025-04-13 23:09Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. The Allen-Bradley MicroLogix 1100 has a denial of service vulnerability in versions prior to B FRN 15.000 and versions prior to 1400 in B FRN 15.003. Allows remote attackers to initiate denial of service attacks through elaborate HTTP requests. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A denial-of-service vulnerability 3. A cross-site scripting vulnerability 4. An SQL-injection vulnerability An attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0200",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micrologix 1100",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "14.000"
},
{
"model": "micrologix 1400",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "15.002"
},
{
"model": "micrologix 1100",
"scope": "lt",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 15.000"
},
{
"model": "micrologix 1400",
"scope": "lt",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "b frn 15.003"
},
{
"model": "automation micrologix",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1100"
},
{
"model": "automation micrologix",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1400"
},
{
"model": "micrologix 1100",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "14.000"
},
{
"model": "micrologix 1400",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "15.002"
},
{
"model": "automation micrologix 1766-lk32bwa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxba series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxba series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxb series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bxb series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwaa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwaa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32bwa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awaa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awaa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1766-l32awa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.002"
},
{
"model": "automation micrologix 1763-l16dwd series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16dwd series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bwa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bwa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bbb series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16bbb series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16awa series b",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix 1763-l16awa series a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "110014.0"
},
{
"model": "automation micrologix frn series b",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "140015.003"
},
{
"model": "automation micrologix frn series b",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "110015.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1100",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "micrologix 1400",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-676"
},
{
"db": "NVD",
"id": "CVE-2015-6492"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:rockwellautomation:micrologix_1400_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov of Positive Technologies, David Atch of CyberX, and Aditya Sood",
"sources": [
{
"db": "BID",
"id": "77333"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6492",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6492",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07306",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-84453",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6492",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6492",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-07306",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-676",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84453",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"db": "VULHUB",
"id": "VHN-84453"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-676"
},
{
"db": "NVD",
"id": "CVE-2015-6492"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request. Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. The Allen-Bradley MicroLogix 1100 has a denial of service vulnerability in versions prior to B FRN 15.000 and versions prior to 1400 in B FRN 15.003. Allows remote attackers to initiate denial of service attacks through elaborate HTTP requests. Multiple Rockwell Automation Micrologix products are prone to the following security vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A denial-of-service vulnerability\n3. A cross-site scripting vulnerability\n4. An SQL-injection vulnerability\nAn attacker can exploit these issues to execute arbitrary code, crash the device, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials and compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6492"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84453"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6492",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-300-03",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201510-676",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-07306",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657",
"trust": 0.8
},
{
"db": "BID",
"id": "77333",
"trust": 0.3
},
{
"db": "IVD",
"id": "7C6F9932-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84453",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"db": "VULHUB",
"id": "VHN-84453"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-676"
},
{
"db": "NVD",
"id": "CVE-2015-6492"
}
]
},
"id": "VAR-201510-0200",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"db": "VULHUB",
"id": "VHN-84453"
}
],
"trust": 1.7076923000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
}
]
},
"last_update_date": "2025-04-13T23:09:46.309000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MicroLogix\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://ab.rockwellautomation.com/ja/Programmable-Controllers/MicroLogix-Systems"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84453"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"db": "NVD",
"id": "CVE-2015-6492"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-300-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6492"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6492"
},
{
"trust": 0.3,
"url": "http://www.rockwellautomation.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"db": "VULHUB",
"id": "VHN-84453"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-676"
},
{
"db": "NVD",
"id": "CVE-2015-6492"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"db": "VULHUB",
"id": "VHN-84453"
},
{
"db": "BID",
"id": "77333"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-676"
},
{
"db": "NVD",
"id": "CVE-2015-6492"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-84453"
},
{
"date": "2015-10-27T00:00:00",
"db": "BID",
"id": "77333"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-676"
},
{
"date": "2015-10-28T10:59:14.920000",
"db": "NVD",
"id": "CVE-2015-6492"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07306"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-84453"
},
{
"date": "2015-10-27T00:00:00",
"db": "BID",
"id": "77333"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005657"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-676"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6492"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-676"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allen-Bradley MicroLogix Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07306"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7c6f9932-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-676"
}
],
"trust": 0.8
}
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…