Lucene search

IcscertCVELIST:CVE-2022-2179

HistoryJul 19, 2022 - 12:00 a.m.

CVE-2022-2179 ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames

2022-07-1900:00:00

CWE-1021

icscert

www.cve.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

19.4%

JSON

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.

CNA Affected

[
  {
    "product": "MicroLogix 1400",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "lessThanOrEqual": "21.007",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "MicroLogix 1100",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

References

rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994

www.cisa.gov/uscert/ics/advisories/icsa-22-188-01

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for CVELIST:CVE-2022-2179