What is CVE-2022-2179?

CVE-2022-2179 is a vulnerability in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior that allows clickjacking attacks due to the X-Frame-Options header not being configured in the HTTP response.

How severe is CVE-2022-2179?

CVE-2022-2179 has a severity rating of medium with a CVSS score of 6.5.

How can I fix CVE-2022-2179?

To fix CVE-2022-2179, upgrade to a version of Rockwell Automation MicroLogix 1100/1400 that is 21.007 or later and ensure that the X-Frame-Options header is properly configured in the HTTP response.

Where can I find more information about CVE-2022-2179?

You can find more information about CVE-2022-2179 at the following references: [Reference 1](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994), [Reference 2](https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01).

What is clickjacking?

Clickjacking is a technique where an attacker tricks a user into clicking on a malicious link by hiding it behind a legitimate-looking element on a web page.

Vulnerability/
CVE-2022-2179

medium

6.5

CWE

1021

19/7/2022

3/8/2024

CVE-2022-2179: ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames

First published: Tue Jul 19 2022(Updated: )

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Rockwellautomation Micrologix 1100 Firmware
Rockwellautomation Micrologix 1100
Rockwellautomation Micrologix 1400 Firmware	<=21.007
Rockwellautomation Micrologix 1400
Rockwell Automation MicroLogix 1400	<=21.007
Rockwell Automation MicroLogix 1100

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-22-188-01

Frequently Asked Questions

What is CVE-2022-2179?
CVE-2022-2179 is a vulnerability in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior that allows clickjacking attacks due to the X-Frame-Options header not being configured in the HTTP response.
How severe is CVE-2022-2179?
CVE-2022-2179 has a severity rating of medium with a CVSS score of 6.5.
How can I fix CVE-2022-2179?
To fix CVE-2022-2179, upgrade to a version of Rockwell Automation MicroLogix 1100/1400 that is 21.007 or later and ensure that the X-Frame-Options header is properly configured in the HTTP response.
Where can I find more information about CVE-2022-2179?
You can find more information about CVE-2022-2179 at the following references: [Reference 1](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994), [Reference 2](https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01).
What is clickjacking?
Clickjacking is a technique where an attacker tricks a user into clicking on a malicious link by hiding it behind a legitimate-looking element on a web page.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/weakness
agent/title
agent/first-publish-date
agent/description
agent/references
agent/severity
agent/softwarecombine
agent/event
agent/tags
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/rockwellautomation
canonical/rockwellautomation micrologix 1100 firmware
canonical/rockwellautomation micrologix 1100
canonical/rockwellautomation micrologix 1400 firmware
version/rockwellautomation micrologix 1400 firmware/21.007
canonical/rockwellautomation micrologix 1400
vendor/rockwell automation
canonical/rockwell automation micrologix 1400
version/rockwell automation micrologix 1400/21.007
canonical/rockwell automation micrologix 1100