Rockwell Automation has patched a handful of vulnerabilities in its Allen-Bradley MicroLogix programmable logic controllers (PLCs). Researchers say one vulnerability can be exploited with a single malicious URL. The so-called FrostyURL vulnerability affects a number of critical industries. The flaws range from memory corruption issues to unrestricted file uploads, cross-site scripting and SQL injection. Rockwell has patched all but the buffer overflow vulnerability in one of the PLCs, which it said will be patched in upcoming firmware.
Source: https://threatpost.com/rockwell-patches-serious-frostyurl-plc-vulnerability/115196/