CVE-2022-3166 MicroLogix 1100 & 1400 Product Web Server Application Vulnerable to Denial-Of-Service Condition Attack

Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packet...

Rockwell Automation MicroLogix 1100 和 MicroLogix 1400 跨站脚本漏洞

The Rockwell Automation MicroLogix 1400 and the Rockwell Automation MicroLogix 1100 are both products of Rockwell Automation, Inc. The Rockwell Automation MicroLogix 1400 and Rockwell Automation MicroLogix 1100 are both Rockwell Automation products. A security vulnerability exists in the MicroLog...

Rockwell Automation MicroLogix 1100和MicroLogix 1400 安全漏洞

The Rockwell Automation MicroLogix 1400 and the Rockwell Automation MicroLogix 1100 are both products of Rockwell Automation, Inc. The Rockwell Automation MicroLogix 1400 and Rockwell Automation MicroLogix 1100 are both products of Rockwell Automation, Inc. The Rockwell Automation MicroLogix 1400...

PT-2022-27942 · Allen Bradley · Micrologix 1400 +1

Name of the Vulnerable Software and Affected Versions: MicroLogix 1100 and 1400 controllers affected versions not specified Description: The issue is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver of the controllers. This may allow an attacker to accomplish...

The vulnerability of the web server of the microprogramming software for Micrologix 1100 and 1400 allows attackers to carry out attacks using clickjacking techniques.

The vulnerability of Micrologix 1100 and 1400 microprogrammed logic controllers’ web servers is related to improper restrictions on the displayed layers of the user interface. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...

Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames (CVE-2022-2179)

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. C...

CVE-2022-2179

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks...

CVE-2022-2179

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks...

Design/Logic Flaw

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks...

CVE-2022-2179 ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks...

CVE-2022-2179

CVE-2022-2179 affects Rockwell Automation MicroLogix 1100/1400 (versions 21.007 and prior) where the X-Frame-Options header is not configured in HTTP responses, enabling potential clickjacking. The ICS advisory ICSA-22-188-01 confirms affected devices and a CVSS v3 base score of 6.5 (NETWORK, LOW...

CVE-2022-2179 ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks...

Rockwell Automation MicroLogix 1100 和 1400 安全漏洞

The Rockwell Automation MicroLogix 1400 and Rockwell Automation MicroLogix 1100 are both products of Rockwell Automation, Inc.The Rockwell Automation MicroLogix 1400 is a programmable logic controller. The Rockwell Automation MicroLogix 1400 is a programmable logic controller.The Rockwell...

Rockwell Automation MicroLogix

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: MicroLogix 1100/1400 Vulnerability: Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...

Rockwell Automation MicroLogix Cleartext Transmission of Sensitive Information (CVE-2016-9334)

An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD,...

Rockwell Automation MicroLogix Resource Management Errors (CVE-2014-5410)

The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service process disruption via malformed packets over 1 an Ethernet network or 2 a...

Rockwell Automation MicroLogix Controllers and RSLogix 500 Software Cleartext Storage of Sensitive Information (CVE-2020-6980)

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol SMTP account data is saved in RSLogix 500, a local attacker with access to a...

Rockwell Automation MicroLogix 1400 Buffer Copy Without Checking Size of Input (CVE-2021-22659)

Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a...

Rockwell Automation ControlLogix controllers Resource Management Errors (CVE-2012-6435)

Rockwell Automation SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service control and communication outage via a CIP message that specifies a...

Rockwell Automation MicroLogix 1100 Controllers Improper Input Validation (CVE-2017-7924)

An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands PCCC packet to the...