First published: Tue Jul 19 2022
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Micrologix 1100 Firmware | | |
Rockwellautomation Micrologix 1100 | | |
Rockwellautomation Micrologix 1400 Firmware | <=21.007 | |
Rockwellautomation Micrologix 1400 | | |
Rockwell Automation MicroLogix 1400 | <=21.007 | |
Rockwell Automation MicroLogix 1100 | | |
CVE-2022-2179 is a vulnerability in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior that allows clickjacking attacks due to the X-Frame-Options header not being configured in the HTTP response.
CVE-2022-2179 has a severity rating of medium with a CVSS score of 6.5.
To fix CVE-2022-2179, upgrade to a version of Rockwell Automation MicroLogix 1100/1400 that is 21.007 or later and ensure that the X-Frame-Options header is properly configured in the HTTP response.
You can find more information about CVE-2022-2179 at the following references: [Reference 1](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994), [Reference 2](https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01).
Clickjacking is a technique where an attacker tricks a user into clicking on a malicious link by hiding it behind a legitimate-looking element on a web page.
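A check for the missing-header condition described above, as an added example that is not part of the original advisory or any Rockwell Automation code. It goes beyond the page by also accepting an enforced `Content-Security-Policy: frame-ancestors` directive as framing protection; the function names and the sample responses are assumptions constructed for illustration.

```python
# Added example: audit HTTP response headers for anti-framing protection.
# SAMPLES are constructed responses, not captures from a MicroLogix device.
def parse_headers(raw):
    """Return lower-cased (name, value) pairs from a raw HTTP/1.x response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def frame_ancestors(headers):
    """Return the frame-ancestors source list from an enforced CSP, or None."""
    for name, value in headers:
        if name != "content-security-policy":  # Report-Only does not enforce
            continue
        for directive in value.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return parts[1:]
    return None

def framing_verdict(raw):
    """Classify a response as 'protected', 'misconfigured' or 'frameable'."""
    headers = parse_headers(raw)
    sources = frame_ancestors(headers)
    if sources is not None:
        return "frameable" if "*" in sources else "protected"
    # Repeated or comma-joined X-Frame-Options values are collected as a set.
    xfo = {v.strip().upper() for n, val in headers if n == "x-frame-options"
           for v in val.split(",") if v.strip()}
    if not xfo:
        return "frameable"      # the condition CVE-2022-2179 describes
    if xfo in ({"DENY"}, {"SAMEORIGIN"}):
        return "protected"
    return "misconfigured"      # obsolete ALLOW-FROM or conflicting values

OK = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLES = {
    "no header": OK + "\r\n<html></html>",
    "deny": OK + "X-Frame-Options: DENY\r\n\r\n",
    "allow-from": OK + "X-Frame-Options: ALLOW-FROM https://hmi.example\r\n\r\n",
    "csp": OK + "Content-Security-Policy: frame-ancestors 'none'\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:12} {framing_verdict(raw)}")
```

The "misconfigured" verdict is a conservative audit policy rather than a statement of how any particular browser treats the value.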