6.5 Medium (CVSS3)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 0.001 Low (Percentile 19.4%)
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
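The condition this finding describes, as an added example that is not part of the Tenable plugin or the Rockwell advisory: it parses a constructed HTTP response offline and reports whether X-Frame-Options or a CSP frame-ancestors directive restricts framing, which is what a browser relies on to refuse rendering a page inside a third-party frame. The sample responses and server name are constructed, not captured from a device.

```python
from __future__ import annotations
import re

# Constructed sample responses (not captured from a real device): one with
# no framing protection, one with X-Frame-Options set.
UNPROTECTED = (b"HTTP/1.1 200 OK\r\n"
               b"Server: constructed-plc-webserver\r\n"
               b"Content-Type: text/html\r\n\r\n<html>...</html>")
PROTECTED = (b"HTTP/1.1 200 OK\r\n"
             b"Server: constructed-plc-webserver\r\n"
             b"X-Frame-Options: SAMEORIGIN\r\n"
             b"Content-Type: text/html\r\n\r\n<html>...</html>")

def parse_response(raw: bytes) -> tuple[int, dict[str, list[str]]]:
    """Split a raw HTTP/1.x response into its status code and lower-cased headers."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def framing_protection(headers: dict[str, list[str]]) -> tuple[bool, str]:
    """Decide whether the headers restrict framing, mirroring what browsers honour."""
    # A CSP frame-ancestors directive takes precedence over X-Frame-Options.
    csp = " ".join(headers.get("content-security-policy", []))
    if re.search(r"(^|;)\s*frame-ancestors\s", csp, re.I):
        return True, "CSP frame-ancestors present"
    xfo = [v.upper() for v in headers.get("x-frame-options", [])]
    good = [v for v in xfo if v in ("DENY", "SAMEORIGIN")]
    if good:
        return True, "X-Frame-Options " + good[0]
    if xfo:
        # ALLOW-FROM and other values are ignored by current browsers: no protection.
        return False, "X-Frame-Options has an unsupported value: " + xfo[0]
    return False, "no X-Frame-Options or CSP frame-ancestors header"

def check_response(raw: bytes) -> dict:
    """Full check over one raw response: status code plus the framing verdict."""
    status, headers = parse_response(raw)
    protected, reason = framing_protection(headers)
    return {"status": status, "protected": protected, "reason": reason}

if __name__ == "__main__":
    for label, raw in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(label, check_response(raw))
```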
```nasl
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500693);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-2179");

  script_name(english:"Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames (CVE-2022-2179)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400
Versions 21.007 and prior is not configured in the HTTP response,
which could allow clickjacking attacks.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01");
  # https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?24a0c66e");
  # https://www.rockwellautomation.com/en-us/support/advisory.PN1597.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?191d7a7c");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Rockwell Automation encourages those using the affected software to implement the mitigations below to minimize risk.
Additionally, Rockwell Automation encourages users to combine risk mitigations with security best practices (also
provided below) to deploy a defense-in-depth strategy.

- Disable the web server where possible (this component is an optional feature and disabling it will not disrupt the
  intended use of the device).
- Configure firewalls to disallow network communication through HTTP/Port 80.

If applying the mitigations noted above is not possible, please see Rockwell Automation's Knowledgebase article QA43240
Security Best Practices.

For more information, please see the industrial security advisory from Rockwell Automation.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2179");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(1021);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/07/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:micrologix_1100_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:micrologix_1400_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Rockwell");

  exit(0);
}

include('tenable_ot_cve_funcs.inc');

# The plugin only runs when the Tenable.ot integration has reported Rockwell assets.
get_kb_item_or_exit('Tenable.ot/Rockwell');

var asset = tenable_ot::assets::get(vendor:'Rockwell');

# MicroLogix 1100 is matched on family alone (no version bound is given);
# MicroLogix 1400 is affected up to and including firmware 21.007.
var vuln_cpes = {
  "cpe:/o:rockwellautomation:micrologix_1100_firmware" :
    {"family" : "MicroLogix1100"},
  "cpe:/o:rockwellautomation:micrologix_1400_firmware" :
    {"versionEndIncluding" : "21.007", "family" : "MicroLogix1400"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
```
Vendor | Product | Version | CPE |
---|---|---|---|
rockwellautomation | micrologix_1100_firmware | | cpe:/o:rockwellautomation:micrologix_1100_firmware |
rockwellautomation | micrologix_1400_firmware | | cpe:/o:rockwellautomation:micrologix_1400_firmware |