ICSA-16-061-02  ·  Published 2025-06-05  ·  View on CISA ICS-CERT ↗

Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting Vulnerability (Update A)

CVSS 6.1 MEDIUM

CVEs (1)

Remediations

  • Rockwell Automation recommends that users of 1769-L23E-QB1B migrate to 1769-L24ER-BB1B and users of 1769-L23E-QBFC1B migrate to 1769-L24ER-QBFC1B.
  • For 1756-EN2F Series C, 1756-EN2T Series D, 1756-EN2TR Series C, and 1756-EN3TR Series B, Rockwell Automation recommends users apply FRN 10.010 or later, available at: (https://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=1756-EN3TR&crumb=112)
  • For earlier versions: users of previous series of the affected 1756 EtherNet/IP catalog numbers are urged to assess their risk and, if necessary, contact their local distributor or sales office to upgrade to a newer product line that contains the relevant mitigations.
  • For the other affected versions listed above, Rockwell Automation recommends users apply firmware Version 28.011+ available at: (http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=4)
  • For more detailed information, please see Rockwell Automation’s security notification (KB731098), available at the following URL with a valid account: (https://rockwellautomation.custhelp.com/app/answers/detail/a_id/731098)
  • Rockwell Automation also recommends the following security practices: Do not click on or open URL links from untrusted sources. Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack. Use trusted software, software patches, and antivirus/antimalware programs, and interact only with trusted websites and attachments. Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet. Locate control system networks and devices behind firewalls, and isolate them from the business network. When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

Affected Vendors

Rockwell Automation

Affected Products (23)

Rockwell Automation · 1769-L16ER-BB1B <=27.011
Rockwell Automation · 1769-L18ER-BB1B <=27.011
Rockwell Automation · 1769-L18ERM-BB1B <=27.011
Rockwell Automation · 1769-L24ER-QB1B <=27.011
Rockwell Automation · 1769-L24ER-QBFC1B <=27.011
Rockwell Automation · 1769-L27ERM-QBFC1B <=27.011
Rockwell Automation · 1769-L30ER <=27.011
Rockwell Automation · 1769-L30ERM <=27.011
Rockwell Automation · 1769-L30ER-NSE <=27.011
Rockwell Automation · 1769-L33ER <=27.011
Rockwell Automation · 1769-L33ERM <=27.011
Rockwell Automation · 1769-L36ERM <=27.011
Rockwell Automation · 1769-L23E-QB1B <=20.018
Rockwell Automation · 1769-L23E-QBFC1B <=20.018
Rockwell Automation · 1756-EN2F Series A vers:all/*
Rockwell Automation · 1756-EN2F Series B vers:all/*
Rockwell Automation · 1756-EN2T Series A vers:all/*
Rockwell Automation · 1756-EN2T Series B vers:all/*
Rockwell Automation · 1756-EN2T Series C vers:all/*
Rockwell Automation · 1756-EN2T Series D <=10.007
Rockwell Automation · 1756-EN2TR Series A vers:all/*
Rockwell Automation · 1756-EN2TR Series B vers:all/*
Rockwell Automation · 1756-EN3TR Series A vers:all/*
