Beau Taub

**Name of the Vulnerable Software and Affected Versions** Rapid7 InsightVM versions 6.6.178 and lower **Description** The issue allows an attacker to redirect the user to a site of their choice using the `page` parameter of the `data/console/redirect` component of the application. This issue was resolved in the February, 2023 release of version 6.6.179. **Recommendations** For versions 6.6.178 and lower, update to version 6.6.179 or later to resolve the issue. As a temporary workaround, consider restricting access to the `data/console/redirect` component of the application until a patch is available. Avoid using the `page` parameter in the affected component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Rockwell Automation MicroLogix 1100, all versions **Description** The issue allows a remote, unauthenticated attacker to send specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, resulting in a denial-of-service condition. If successfully exploited, this will cause the controller to fault whenever the controller is switched to RUN mode. **Recommendations** For Rockwell Automation MicroLogix 1100, all versions, consider temporarily restricting access to the controller when switching to RUN mode until a patch is available. As a mitigation measure, restrict the ability to send specially crafted commands to the PLC to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.