First published: Fri Dec 16 2022(Updated: )
Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.
Credit: PSIRT@rockwellautomation.com
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Micrologix 1400 Firmware | ||
Rockwellautomation Micrologix 1400 | ||
Rockwellautomation Micrologix 1100 Firmware | ||
Rockwellautomation Micrologix 1100 | ||
Rockwellautomation Micrologix 1400-b Firmware | <=21.007 | |
Rockwellautomation Micrologix 1400-b | ||
Rockwellautomation Micrologix 1400-c Firmware | <=21.007 | |
Rockwellautomation Micrologix 1400-c | ||
Rockwellautomation Micrologix 1400-a Firmware | <=7.000 | |
Rockwellautomation Micrologix 1400-a |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-46670.
The severity of CVE-2022-46670 is high with a CVSS score of 6.1.
The MicroLogix 1100 and 1400 controllers are affected by CVE-2022-46670.
CVE-2022-46670 may allow an attacker to execute remote code.
CVE-2022-46670 does not require authentication for exploitation.
Apply the latest firmware updates provided by Rockwell Automation to the affected MicroLogix 1100 and 1400 controllers.
You can find more information about CVE-2022-46670 on the Rockwell Automation website.
The CWE ID for CVE-2022-46670 is CWE-79.