Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_ROCKWELL_CVE-2022-3166.NASLHistoryJan 05, 2023 - 12:00 a.m.
Rockwell Automation MicroLogix 1100 and 1400 Improper Restriction of Rendered UI Layers or Frames (CVE-2022-3166)
2023-01-0500:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
rockwell automation
micrologix
1100
1400
webserver
vulnerability
denial-of-service
tenable.ot
network access
0.001 Low
EPSS
Percentile
25.2%
Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to webserver and closing it abruptly which would cause a denial-of-service condition for the web server application on the device
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500723);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2022-3166");
script_name(english:"Rockwell Automation MicroLogix 1100 and 1400 Improper Restriction of Rendered UI Layers or Frames (CVE-2022-3166)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Rockwell Automation was made aware that the webservers of the
Micrologix 1100 and 1400 controllers contain a vulnerability that may
lead to a denial-of-service condition. The security vulnerability
could be exploited by an attacker with network access to the affected
systems by sending TCP packets to webserver and closing it abruptly
which would cause a denial-of-service condition for the web server
application on the device
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137678
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c060e574");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-354-04");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Rockwell Automation recommends users of the affected products to take the following actions:
- Disable the web server, if possible (This component is an optional feature and disabling it will not disrupt the
intended use of the device)
- Configure firewalls to disallow network communication through HTTP/Port 802
- Upgrade to the MicroLogix 800 or MicroLogix 850 as this device does not have the web server component
Rockwell Automation also recommends users to employ cybersecurity best practices, as outlined in their Knowledgebase
article.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3166");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(924);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/16");
script_set_attribute(attribute:"patch_publication_date", value:"2022/12/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/05");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:micrologix_1100_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:micrologix_1400_firmware:-");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Rockwell");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Rockwell');
var asset = tenable_ot::assets::get(vendor:'Rockwell');
var vuln_cpes = {
"cpe:/o:rockwellautomation:micrologix_1100_firmware:-" :
{"family" : "MicroLogix1100"},
"cpe:/o:rockwellautomation:micrologix_1400_firmware:-" :
{"family" : "MicroLogix1400"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rockwellautomation | micrologix_1100_firmware | - | cpe:/o:rockwellautomation:micrologix_1100_firmware:- |
| rockwellautomation | micrologix_1400_firmware | - | cpe:/o:rockwellautomation:micrologix_1400_firmware:- |
Related
cve
cve
CVE-2022-3166
2022-12-16 20:15:08
prion
prion
Race condition
2022-12-16 20:15:00
nvd
nvd
CVE-2022-3166
2022-12-16 20:15:08
cvelist
cvelist
ics
ics
Rockwell Automation MicroLogix 1100 and 1400
2022-12-20 12:00:00