Severity:
High
Advisory ID:
PN1612
Published Date:
December 13, 2022
Last Updated:
October 16, 2024
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
Yes
Downloads
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
Summary
MicroLogix 1100 and 1400 Web Server Application Vulnerable to Cross Site Scripting Attack
Revision History
Revision Number
1.0
Revision History
Version 1.0 – December 13, 2022
Executive Summary
Rockwell Automation received a vulnerability report from a security researcher from Georgia Institute of Technology. If exploited, this vulnerability could allow an attacker to submit remote code in the web server application on the targeted device.
Customers using affected versions of this software are encouraged to evaluate the mitigations provided below and apply them where appropriate. Additional details relating to the discovered vulnerability, including the products in scope, impact, and recommended countermeasures, are provided below. We have not received any notice of this vulnerability previously being exploited in Rockwell Automation products.
Customers using affected versions of this software are encouraged to evaluate the mitigations provided below and apply them where appropriate. Additional details relating to the discovered vulnerability, including the products in scope, impact, and recommended countermeasures, are provided below. We have not received any notice of this vulnerability previously being exploited in Rockwell Automation products.
Affected Products
- MicroLogix™ 1400 B/C v. 21.007 and below
- MicroLogix™ 1400 A v. 7.000 and below
- MicroLogix™ 1100 all versions
Vulnerability Details
Rockwell Automation was made aware that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.
(CVE 2022-46670) MicroLogix Controllers Vulnerable to Cross-Site Scripting Attack
(CVE 2022-46670) MicroLogix Controllers Vulnerable to Cross-Site Scripting Attack
CVSS Base Score: 8.2 /10 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LRisk Mitigation & User Action
Customers using the affected software are encouraged to implement the risk mitigations below to minimize the risk of vulnerability. Additionally, we encourage customers to combine the risk mitigations with security best practices, also provided below, to deploy a defense-in-depth strategy.
If applying the mitigations noted above are not possible, please see our Knowledgebase article QA43240 - Security Best Practices, for additional recommendations to maintain the security posture of your environment.
- Disable the web server, if possible (This component is an optional feature and disabling it will not disrupt the intended use of the device).
- Configure firewalls to disallow network communication through HTTP/Port 80
- Upgrade to the Micro800 family as this device does not have the web server component.
If applying the mitigations noted above are not possible, please see our Knowledgebase article QA43240 - Security Best Practices, for additional recommendations to maintain the security posture of your environment.
Additional Resources
Copyright ©2022 Rockwell Automation, Inc.