Lucene search

K
cve[email protected]CVE-2022-3166
HistoryDec 16, 2022 - 8:15 p.m.

CVE-2022-3166

2022-12-1620:15:08
CWE-924
web.nvd.nist.gov
36
rockwell automation
micrologix
1100
1400
webserver
vulnerability
denial-of-service
nvd
cve-2022-3166

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to webserver and closing it abruptly which would cause a denial-of-service condition for the web server application on the device

Affected configurations

NVD
Node
rockwellautomationmicrologix_1100Match-
AND
rockwellautomationmicrologix_1100_firmwareMatch-
Node
rockwellautomationmicrologix_1400Match-
AND
rockwellautomationmicrologix_1400_firmwareMatch-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MicroLogix 1100",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MicroLogix 1400-B/C",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "21.007 and below"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MicroLogix 1400-A",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "7.000 and below"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

Related for CVE-2022-3166