CVE-2022-46670

Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137679	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:micrologix_1100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:rockwellautomation:micrologix_1400-b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:micrologix_1400-b:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:rockwellautomation:micrologix_1400-c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:micrologix_1400-c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:rockwellautomation:micrologix_1400-a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:micrologix_1400-a:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-12-16 21:15

Updated : 2023-11-07 03:55

NVD link : CVE-2022-46670

Mitre link : CVE-2022-46670

CVE.ORG link : CVE-2022-46670

JSON object : View

Products Affected

rockwellautomation

micrologix_1100
micrologix_1400-b
micrologix_1400_firmware
micrologix_1400-b_firmware
micrologix_1100_firmware
micrologix_1400-c
micrologix_1400-a_firmware
micrologix_1400
micrologix_1400-a
micrologix_1400-c_firmware

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2022-46670", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.8}]}, "published": "2022-12-16T21:15:09.040", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137679", "tags": ["Vendor Advisory"], "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "\nRockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute\u00a0of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. \u00a0The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website. \n\n"}, {"lang": "es", "value": "Un investigador de seguridad del Instituto de Tecnolog\u00eda de Georgia inform\u00f3 a Rockwell Automation de una vulnerabilidad que indica que los controladores MicroLogix 1100 y 1400 contienen una vulnerabilidad que puede brindarle a un atacante la capacidad de realizar la ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad es de Cross-Site Scripting almacenado, no autenticada en el servidor web integrado. El payload se transfiere al controlador a trav\u00e9s de SNMP y se representa en la p\u00e1gina de inicio del sitio web integrado."}], "lastModified": "2023-11-07T03:55:46.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11507EFF-5C53-4217-9257-21936118C032"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "196EA0BE-FDF3-46BE-B3DA-5F49208C5D80"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCE86CDF-12CC-4B02-942D-BF9134218F2B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:micrologix_1100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DA42C7F4-EEC1-44D2-BD46-237969FF6E1A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1400-b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6C4D215-CB09-4BEA-89A6-2BAACD461FBE", "versionEndIncluding": "21.007"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:micrologix_1400-b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D01BD0A-CA96-4882-8523-EC4D522DA4AF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1400-c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD745E1D-10D9-4FD6-9F7C-63CB51F3C454", "versionEndIncluding": "21.007"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:micrologix_1400-c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC9A2DE5-E745-4F1B-931C-E11814A7D23A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1400-a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E2B3E77-CF64-4D7F-A849-5462CABB576D", "versionEndIncluding": "7.000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:micrologix_1400-a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "81AFED05-B927-4BF7-ABC5-5E3F7555593D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "PSIRT@rockwellautomation.com"}