{"api_version":"1","generated_at":"2026-06-04T12:59:51+00:00","cve":"CVE-2016-2279","urls":{"html":"https://cve.report/CVE-2016-2279","api":"https://cve.report/api/cve/CVE-2016-2279.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-2279","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-2279"},"summary":{"title":"CVE-2016-2279","description":"Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","state":"PUBLISHED","assigner":"icscert","published_at":"2016-03-02 11:59:03","updated_at":"2026-06-03 14:16:18"},"problem_types":["CWE-79","n/a","CWE-79 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securitytracker.com/id/1035190","name":"http://www.securitytracker.com/id/1035190","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"Rockwell Automation CompactLogix Input Validation Flaw Lets Remote Conduct Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/44626/","name":"https://www.exploit-db.com/exploits/44626/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Rockwell Scada System 27.011 - Cross-Site Scripting - Windows webapps Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02","name":"https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting Vulnerability | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-2279","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2279","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2f_series_a","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2f_series_a_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2f_series_b","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2f_series_b_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2tr_series_a","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2tr_series_a_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2tr_series_b","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2tr_series_b_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2t_series_a","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2t_series_a_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2t_series_b","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2t_series_b_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2t_series_c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2t_series_c_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2t_series_d","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"10.007","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en2t_series_d_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en3tr_series_a","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1756-en3tr_series_a_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l16er-bb1b","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"27.011","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l16er-bb1b_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l18er-bb1b","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"27.011","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l18er-bb1b_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l18erm-bb1b","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"27.011","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l18erm-bb1b_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l23e-qb1b","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"20.018","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l23e-qb1b_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l23e-qbfc1b","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"20.018","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l23e-qbfc1b_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l24er-qb1b","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"27.011","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l24er-qb1b_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l24er-qbfc1b","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"27.011","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l24er-qbfc1b_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l27erm-qbfc1b","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"27.011","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l27erm-qbfc1b_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l30er","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l30er-nse","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"27.011","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l30er-nse_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l30erm","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"27.011","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l30erm_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"27.011","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l30er_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l33er","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l33erm","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"27.011","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l33erm_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"27.011","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l33er_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l36erm","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2279","vulnerable":"1","versionEndIncluding":"27.011","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"rockwellautomation","cpe5":"compactlogix_1769-l36erm_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2016","cve_id":"2279","cve":"CVE-2016-2279","epss":"0.005460000","percentile":"0.681620000","score_date":"2026-06-03","updated_at":"2026-06-04 00:06:34"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T23:24:48.329Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1035190","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1035190"},{"name":"44626","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/44626/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2016-2279","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-03T13:42:31.274891Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-03T13:44:03.190Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2016-03-01T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-05-19T09:57:01.000Z","orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert"},"references":[{"name":"1035190","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1035190"},{"name":"44626","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/44626/"},{"tags":["x_refsource_MISC"],"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2016-2279","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1035190","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1035190"},{"name":"44626","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/44626/"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02"}]}}}},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2016-2279","datePublished":"2016-03-02T11:00:00.000Z","dateReserved":"2016-02-09T00:00:00.000Z","dateUpdated":"2026-06-03T13:44:03.190Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2016-03-02 11:59:03","lastModifiedDate":"2026-06-03 14:16:18","problem_types":["CWE-79","n/a","CWE-79 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1769-l16er-bb1b_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"27.011","matchCriteriaId":"29E82D3C-0B61-4C04-8D6A-421340BB4393"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1769-l16er-bb1b:-:*:*:*:*:*:*:*","matchCriteriaId":"74D0FCCA-640C-499D-A3E5-018FD334C761"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1769-l18er-bb1b_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"27.011","matchCriteriaId":"1E6C0BBB-F802-4D8E-9F82-E14229ECD449"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1769-l18er-bb1b:-:*:*:*:*:*:*:*","matchCriteriaId":"EF975B1A-D3CE-495C-9A84-2CF4274687C2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1769-l18erm-bb1b_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"27.011","matchCriteriaId":"6728FF66-F294-4198-9CB4-675BDF112F03"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1769-l18erm-bb1b:-:*:*:*:*:*:*:*","matchCriteriaId":"4AAC1C57-CD59-4459-B037-28D179DF8818"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1769-l24er-qb1b_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"27.011","matchCriteriaId":"8E3DB264-8F8F-4B72-94BE-7B2FF3E96AC5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1769-l24er-qb1b:-:*:*:*:*:*:*:*","matchCriteriaId":"7BACD59C-44A6-4B5B-AE98-E64361581D86"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1769-l24er-qbfc1b_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"27.011","matchCriteriaId":"CA427BEC-D40F-484E-BDC7-E68A5B199818"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1769-l24er-qbfc1b:-:*:*:*:*:*:*:*","matchCriteriaId":"5390AF53-D808-4FCF-B39B-1835EBDC2FC7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1769-l27erm-qbfc1b_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"27.011","matchCriteriaId":"00BA17FA-5836-491E-AB58-1CFB537B861A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1769-l27erm-qbfc1b:-:*:*:*:*:*:*:*","matchCriteriaId":"98A92CC7-E6B3-4110-8B9F-9C483AE523F7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1769-l30er_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"27.011","matchCriteriaId":"9489D003-036F-4C68-8EA5-5D38C50E5DFC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1769-l30er:-:*:*:*:*:*:*:*","matchCriteriaId":"3FB0AB23-EED7-4A6B-8B19-41ADAD3CC109"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1769-l30erm_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"27.011","matchCriteriaId":"C1209809-9F62-4CC3-947A-ED694D18092E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1769-l30erm:-:*:*:*:*:*:*:*","matchCriteriaId":"5C12EC13-C5A8-409E-BA61-30912D9C18D3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1769-l30er-nse_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"27.011","matchCriteriaId":"0B893D1A-949D-47D1-A547-CC0883AC1422"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1769-l30er-nse:-:*:*:*:*:*:*:*","matchCriteriaId":"A28922E6-DC6B-4290-B7C4-D3159778C74E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1769-l33er_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"27.011","matchCriteriaId":"F5E30EA9-0133-4705-8E56-04A73E577B3F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1769-l33er:-:*:*:*:*:*:*:*","matchCriteriaId":"FEB15370-768D-42F1-BB7B-F919B507910C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1769-l33erm_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"27.011","matchCriteriaId":"AC872DF7-4225-49AF-990B-5CB36F16BCAC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1769-l33erm:-:*:*:*:*:*:*:*","matchCriteriaId":"21AAB46D-43CB-4A6B-9EA0-4FEA1F22AFC8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1769-l36erm_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"27.011","matchCriteriaId":"2CC604A4-8D26-40AB-91F0-9D9D7479C984"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1769-l36erm:-:*:*:*:*:*:*:*","matchCriteriaId":"519467C1-2EE6-4A75-B04C-409E5A111473"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1769-l23e-qb1b_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"20.018","matchCriteriaId":"312E4B19-D739-4790-9861-A6FF9838F9D5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1769-l23e-qb1b:-:*:*:*:*:*:*:*","matchCriteriaId":"B727E262-837B-4805-AED1-0A2B67F3F419"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1769-l23e-qbfc1b_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"20.018","matchCriteriaId":"F94E9C64-B56B-4887-BBB1-A3B746F03716"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1769-l23e-qbfc1b:-:*:*:*:*:*:*:*","matchCriteriaId":"4110720F-6CBF-4EC8-BB13-E6E546CCD38B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1756-en2f_series_a_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"102DC432-6651-4B65-9125-B647AF827763"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1756-en2f_series_a:-:*:*:*:*:*:*:*","matchCriteriaId":"1E3C8EAD-86B6-4E15-BEC7-84A9B96610FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1756-en2f_series_b_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"113AD581-CA23-40E0-BF8B-CEEEBCEBEEE1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1756-en2f_series_b:-:*:*:*:*:*:*:*","matchCriteriaId":"660B516C-C272-43D7-98C3-899BD32B68EF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1756-en2t_series_a_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"9235FFD9-54A8-46A7-890B-F9A5859140DC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1756-en2t_series_a:-:*:*:*:*:*:*:*","matchCriteriaId":"766F4673-114B-4FBB-9AB2-7D61AB468F53"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1756-en2t_series_b_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"D3E6782D-C69A-4877-9F95-FB276E8A5D81"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1756-en2t_series_b:-:*:*:*:*:*:*:*","matchCriteriaId":"09D974B7-453B-46D9-9C11-899E57E9E3E8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1756-en2t_series_c_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"991A44E9-E79C-46ED-9ABA-19492877E0DE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1756-en2t_series_c:-:*:*:*:*:*:*:*","matchCriteriaId":"2D8A95D5-D3CF-4A5C-B06C-E3FEEA21059A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1756-en2t_series_d_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10.007","matchCriteriaId":"07E5BF49-8E02-4202-A2FB-0BEBFFF98FA0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1756-en2t_series_d:-:*:*:*:*:*:*:*","matchCriteriaId":"D2921B42-4D68-4489-9FE6-07C4B71A6465"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1756-en2tr_series_a_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"431EC8A4-412C-4523-9E0D-FB6507CB9E03"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1756-en2tr_series_a:-:*:*:*:*:*:*:*","matchCriteriaId":"12B26FEC-27DF-4F03-8800-5B378B3647A8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1756-en2tr_series_b_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"55D01607-9B6E-4FDD-A62A-A8EA1DC79ECC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1756-en2tr_series_b:-:*:*:*:*:*:*:*","matchCriteriaId":"A417416D-8CCB-433B-B663-E6842965956C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:compactlogix_1756-en3tr_series_a_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"9963F5D0-CBBB-4D11-BFBE-EA1F3F70E3A7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:compactlogix_1756-en3tr_series_a:-:*:*:*:*:*:*:*","matchCriteriaId":"F9DAEA1C-4F31-41E8-A072-F7118ABA9A55"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"2279","Ordinal":"1","Title":"CVE-2016-2279","CVE":"CVE-2016-2279","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"2279","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Type":"Description","Title":"CVE-2016-2279"},{"CveYear":"2016","CveId":"2279","Ordinal":"2","NoteData":"2016-03-02","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"2279","Ordinal":"3","NoteData":"2018-05-19","Type":"Other","Title":"Modified"}]}}}