Loading

MicroLogix 1100 and 1400 Web Server Application Vulnerable to Cross Site Scripting Attack

Severity:
High
Advisory ID:
PN1612
Data pubblicazione:
December 13, 2022
Ultimo aggiornamento:
October 16, 2024
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
Sì
Download
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
JSON
Riepilogo
MicroLogix 1100 and 1400 Web Server Application Vulnerable to Cross Site Scripting Attack

 

Revision History
Revision Number
1.0
Revision History
Version 1.0 – December 13, 2022

Executive Summary

Rockwell Automation received a vulnerability report from a security researcher from Georgia Institute of Technology. If exploited, this vulnerability could allow an attacker to submit remote code in the web server application on the targeted device.

Customers using affected versions of this software are encouraged to evaluate the mitigations provided below and apply them where appropriate. Additional details relating to the discovered vulnerability, including the products in scope, impact, and recommended countermeasures, are provided below. We have not received any notice of this vulnerability previously being exploited in Rockwell Automation products.

Affected Products

  • MicroLogix™ 1400 B/C v. 21.007 and below
  • MicroLogix™ 1400 A v. 7.000 and below
  • MicroLogix™ 1100 all versions

Vulnerability Details

Rockwell Automation was made aware that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution.  The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.

(CVE 2022-46670) MicroLogix Controllers Vulnerable to Cross-Site Scripting Attack
CVSS Base Score: 8.2 /10 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Risk Mitigation & User Action

Customers using the affected software are encouraged to implement the risk mitigations below to minimize the risk of vulnerability. Additionally, we encourage customers to combine the risk mitigations with security best practices, also provided below, to deploy a defense-in-depth strategy.
  • Disable the web server, if possible (This component is an optional feature and disabling it will not disrupt the intended use of the device).
  • Configure firewalls to disallow network communication through HTTP/Port 80
  • Upgrade to the Micro800 family as this device does not have the web server component.

If applying the mitigations noted above are not possible, please see our Knowledgebase article QA43240 - Security Best Practices, for additional recommendations to maintain the security posture of your environment.
 
Additional Resources
  • CVE-2022-46670 JSON

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Ùníïtêëd Kíïngdõòm Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Aggiorna le tue preferenze sui cookie per continuare.
Questa funzionalità richiede i cookie per migliorare la tua esperienza. Ti preghiamo di aggiornare le tue preferenze per consentire questi cookie:
  • Cookie dei social media
  • Cookie funzionali
  • Cookie di prestazione
  • Cookie di marketing
  • Tutti i cookie
Puoi aggiornare le tue preferenze in qualsiasi momento. Per ulteriori informazioni consultare il nostro {0} politica sulla riservatezza
CloseClose