Rockwell Automation 1766-L32 Series Vulnerability (Update A)

This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS ALERT 15 225-02 Rockwell Automation 1766-L32 Series Vulnerability that was published August 13, 2015, on the ICS-CERT web page. NCCIC/ICS-CERT is aware of a public report of a remote file inclusion vulnerability with proof-of-concept (PoC) exploit code affecting Rockwell Automation 1766-L32BWAA/1766-L32BXBA web interfaces. This is a programmable logic controller (PLC) used for automation in industrial processes. ICS CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
Source: US-CERT ICS Alerts