PT-2022-4950 · Rockwell Automation · Micrologix 1100/1400

Pawan V. Sable +1 · Published 2022-07-07 · Updated 2022-07-27 · CVE-2022-2179

CVSS v2.0 · 6.8 · Medium
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Rockwell Automation MicroLogix 1100/1400 versions 21.007 and prior

Description

The issue is related to the X-Frame-Options header not being configured in the HTTP response, which could allow clickjacking attacks. This could enable a remote attacker to gain unauthorized access to protected information using a specially crafted link. The vulnerability is associated with incorrect restriction of visualized layers of the user interface.

Recommendations

For versions 21.007 and prior, consider configuring the X-Frame-Options header in the HTTP response to prevent clickjacking attacks. As a temporary workaround, restrict access to sensitive information and user interfaces to minimize the risk of exploitation.
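
A defender-side check for the condition described above, as an added example that is not part of the original advisory or any vendor code: it parses a raw HTTP response header block and reports whether X-Frame-Options is missing, unrecognised, conflicting, or set to a single standard directive. The function names, verdict labels and sample responses are constructed for illustration.

```python
# Added example: audit X-Frame-Options in a raw HTTP response.
# Names and samples below are hypothetical, not taken from the advisory.

STANDARD = {"DENY", "SAMEORIGIN"}  # the two directives defined for this header

def xfo_values(raw_response: str) -> list[str]:
    """Collect every X-Frame-Options value from the header block only."""
    values = []
    for line in raw_response.splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                                 # blank line ends the headers
        name, sep, value = line.partition(":")
        # Header field names are case-insensitive.
        if sep and name.strip().lower() == "x-frame-options":
            # Repeated headers may arrive merged as "a, b"; split them apart.
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    return values

def framing_verdict(raw_response: str) -> str:
    values = xfo_values(raw_response)
    if not values:
        return "missing"        # the condition this advisory describes
    distinct = set(values)
    if not distinct <= STANDARD:
        return "unrecognised"   # typo or non-standard directive; do not rely on it
    if len(distinct) > 1:
        return "conflicting"    # DENY and SAMEORIGIN both present; clean up
    return "ok"

# Constructed sample responses (not captured from a real device).
SAMPLES = {
    # Header text inside the body must not count as a header.
    "no_header": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                 "<p>X-Frame-Options: DENY</p>",
    "hardened": "HTTP/1.1 200 OK\r\nx-frame-options: sameorigin\r\n\r\n",
    "nonstandard": "HTTP/1.1 200 OK\r\n"
                   "X-Frame-Options: ALLOW-FROM https://hmi.example\r\n\r\n",
    "duplicated": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
                  "X-Frame-Options: SAMEORIGIN\r\n\r\n",
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(f"{label}: {framing_verdict(response)}")
```
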

Fix

Clickjacking

Weakness Enumeration

Related Identifiers

BDU:2022-06143
CVE-2022-2179

Affected Products

Micrologix 1100/1400