PT-2022-27942 · Allen Bradley · Micrologix 1400+1

Published: 2022-12-13 · Updated: 2022-12-22 · CVE-2022-46670

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: MicroLogix 1100 and 1400 controllers (affected versions not specified)

Description: The issue is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver of the controllers. This may allow an attacker to accomplish remote code execution. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-05556
CVE-2022-46670

Affected Products

Micrologix 1100
Micrologix 1400