Loading

PN1597 | MicroLogix 1400/1100 Vulnerable to Clickjacking Vulnerability

Severity:
Medium
Advisory ID:
PN1597
Date de publication:
July 07, 2022
Date de la dernière mise à jour:
July 07, 2022
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
Non
Corrected:
Non
Workaround:
Non
CVE IDs
CVE-2022-2179
Résumé
MicroLogix 1400/1100 Vulnerable to Clickjacking Vulnerability

Revision History
Revision History
Version 1.0 – July 7, 2022

Executive Summary

Rockwell Automation received a vulnerability report from Pawan V. Sable and Pranita Sadgir, and Dr. Faruk Kazi of COE-CNDS from Veermata Jijabai Technological Institute (VJTI) India. If exploited, this vulnerability could potentially have a high impact on the confidentiality of the targeted device.

Customers using affected versions of this software are encouraged to evaluate the mitigations provided below and apply them where appropriate. Additional details relating to the discovered vulnerability, including the products in scope, impact, and recommended countermeasures, are provided herein. We have not received any notice of this vulnerability being exploited in Rockwell Automation products.

Affected Products

  • MicroLogix™ 1400 v. 21.007 and below
  • MicroLogix™ 1100 all versions

Vulnerability Details

Rockwell Automation was made aware that the X-Frame-Options header is not configured in the HTTP response and allows potential clickjacking attacks. Exploitation of this vulnerability could potentially allow a malicious user to trick a legitimate user into using an untrusted website. If exploited, this vulnerability could lead to a loss of sensitive information, such as authentication credentials.

(CVE 2022 - 2179) MicroLogix Controllers Vulnerable to Clickjacking Attack
CVSS Base Score: 6.5 /10 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Risk Mitigation & User Action

Customers using the affected software are encouraged to implement the risk mitigations below to minimize the risk of vulnerability. Additionally, we encourage customers to combine the risk mitigations with security best practices, also provided below, to deploy a defense-in-depth strategy.
  • Disable the web server, if possible (This component is an optional feature and disabling it will not disrupt the intended use of the device)
  • Configure firewalls to disallow network communication through HTTP/Port 80
If applying the mitigations noted above are not possible, please see our Knowledgebase article QA43240 - Security Best Practices, for additional recommendations to maintain the security posture of your environment.

References

  • CVE-2022-2179

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Ûníîtééd Kíîngdòóm Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Veuillez mettre à jour vos préférences en matière de cookies pour continuer.
Cette fonctionnalité nécessite des cookies pour améliorer votre expérience. Veuillez mettre à jour vos préférences pour autoriser ces cookies:
  • Cookies de réseaux sociaux
  • Cookies fonctionnels
  • Cookies de performances
  • Cookies marketing
  • Tous les cookies
Vous pouvez mettre à jour vos préférences à tout moment. Pour plus d'informations, veuillez consulter notre politique de confidentialité
CloseClose