Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_ROCKWELL_CVE-2022-46670.NASL
HistoryJan 05, 2023 - 12:00 a.m.

Rockwell Automation MicroLogix 1100 and 1400 Improper Neutralization of Input During Web Page Generation (CVE-2022-46670)

2023-01-0500:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
rockwell automation
micrologix 1100
micrologix 1400
vulnerability
remote code execution
unauthenticated
stored
cross-site scripting
webserver
snmp
tenable.ot

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON

Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500724);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");

  script_cve_id("CVE-2022-46670");

  script_name(english:"Rockwell Automation MicroLogix 1100 and 1400 Improper Neutralization of Input During Web Page Generation (CVE-2022-46670)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Rockwell Automation was made aware of a vulnerability by a security
researcher from Georgia Institute of Technology that the MicroLogix
1100 and 1400 controllers contain a vulnerability that may give an
attacker the ability to accomplish remote code execution. The
vulnerability is an unauthenticated stored cross-site scripting
vulnerability in the embedded webserver. The payload is transferred to
the controller over SNMP and is rendered on the homepage of the
embedded website.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137679
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?30440f54");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-354-04");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Rockwell Automation recommends users of the affected products to take the following actions:

- Disable the web server, if possible (This component is an optional feature and disabling it will not disrupt the
intended use of the device)
- Configure firewalls to disallow network communication through HTTP/Port 802
- Upgrade to the MicroLogix 800 or MicroLogix 850 as this device does not have the web server component

Rockwell Automation also recommends users to employ cybersecurity best practices, as outlined in their Knowledgebase
article.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-46670");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(79);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/12/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:micrologix_1100_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:micrologix_1400-a_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:micrologix_1400-b_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:micrologix_1400-c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:micrologix_1400_firmware:-");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Rockwell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Rockwell');

var asset = tenable_ot::assets::get(vendor:'Rockwell');

var vuln_cpes = {
    "cpe:/o:rockwellautomation:micrologix_1400_firmware:-" :
        {"family" : "MicroLogix1400"},
    "cpe:/o:rockwellautomation:micrologix_1100_firmware:-" :
        {"family" : "MicroLogix1100"},
    "cpe:/o:rockwellautomation:micrologix_1400-b_firmware" :
        {"versionEndIncluding" : "21.007", "family" : "MicroLogix1400"},
    "cpe:/o:rockwellautomation:micrologix_1400-c_firmware" :
        {"versionEndIncluding" : "21.007", "family" : "MicroLogix1400"},
    "cpe:/o:rockwellautomation:micrologix_1400-a_firmware" :
        {"versionEndIncluding" : "7.000", "family" : "MicroLogix1400"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
rockwellautomationmicrologix_1100_firmware-cpe:/o:rockwellautomation:micrologix_1100_firmware:-
rockwellautomationmicrologix_1400-a_firmwarecpe:/o:rockwellautomation:micrologix_1400-a_firmware
rockwellautomationmicrologix_1400-b_firmwarecpe:/o:rockwellautomation:micrologix_1400-b_firmware
rockwellautomationmicrologix_1400-c_firmwarecpe:/o:rockwellautomation:micrologix_1400-c_firmware
rockwellautomationmicrologix_1400_firmware-cpe:/o:rockwellautomation:micrologix_1400_firmware:-

Related

prion 1
nvd 1
cvelist 1
cve 1
ics 1
prion
prion
Cross site scripting
2022-12-16 21:15:00
nvd
nvd
CVE-2022-46670
2022-12-16 21:15:09
cvelist
cvelist
CVE-2022-46670 Rockwell Automation MicroLogix 1100 & 1400 Vulnerable to Cross-Site Scripting Attack
2022-12-16 20:12:22
cve
cve
CVE-2022-46670
2022-12-16 21:15:09
ics
ics
Rockwell Automation MicroLogix 1100 and 1400
2022-12-20 12:00:00

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON
Related for TENABLE_OT_ROCKWELL_CVE-2022-46670.NASL
prion1nvd1cvelist1cve1ics1