Rockwell Automation 1769-L18ER and A LOGIX5318ER Vulnerability (Update A)

This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS ALERT 15 225-01 Rockwell Automation 1769-L18ER and Logix5318ER Vulnerability that was published August 13, 2015, on the ICS-CERT web page. NCCIC/ICS-CERT is aware of a public report of a cross-site scripting vulnerability with proof-of-concept (PoC) exploit code affecting Rockwell Automation 1769-L18ER/A LOGIX5318ER devices web interface. This is a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
Source: US-CERT ICS Alerts