Severity:
High
Advisory ID:
PN1611
Published Date:
December 13, 2022
Last Updated:
October 16, 2024
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
Yes
Downloads
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
Summary
MicroLogix 1100 and 1400 Product Web Server Application Vulnerable to Denial-Of-Service Condition Attack
Revision History
Revision Number
1.0
Revision History
Version 1.0 – December 13, 2022
Executive Summary
Rockwell Automation received a vulnerability report from security researchers at Veermata Jijabai Technological Institute (VJTI). If exploited, this vulnerability could cause a denial-of-service condition in the web server application on the targeted device.
Customers using affected versions of this software are encouraged to evaluate the mitigations provided below and apply them where appropriate. Additional details relating to the discovered vulnerability, including the products in scope, impact, and recommended countermeasures, are provided below. We have not received any notice of this vulnerability being exploited in Rockwell Automation products.
Customers using affected versions of this software are encouraged to evaluate the mitigations provided below and apply them where appropriate. Additional details relating to the discovered vulnerability, including the products in scope, impact, and recommended countermeasures, are provided below. We have not received any notice of this vulnerability being exploited in Rockwell Automation products.
Affected Products
- MicroLogix™ 1400 B/C v. 21.007 and below
- MicroLogix™ 1400 A v. 7.000 and below
- MicroLogix™ 1100 all versions
Vulnerability Details
Rockwell Automation was made aware that the webserver of the Micrologix-1400 B PLC contains a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to webserver and closing it abruptly which would cause a denial-of-service condition for the web server application on the device.
(CVE 2022-3166) MicroLogix Controllers Vulnerable to Clickjacking Attack
(CVE 2022-3166) MicroLogix Controllers Vulnerable to Clickjacking Attack
CVSS Base Score: 7.5 /10 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HRisk Mitigation & User Action
Customers using the affected software are encouraged to implement the risk mitigations below to minimize the risk of vulnerability. Additionally, we encourage customers to combine the risk mitigations with security best practices, also provided below, to deploy a defense-in-depth strategy.
- Disable the web server, if possible (This component is an optional feature and disabling it will not disrupt the intended use of the device)
- Configure firewalls to disallow network communication through HTTP/Port 80
- Upgrade to the MicroLogix 800 or MicroLogix 850 as this device does not have the web server component
Additional Resources
Copyright ©2022 Rockwell Automation, Inc.