CVE-2022-46670 - OpenCVE

Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Rockwellautomation	Micrologix 1100 Firmware Micrologix 1100 Micrologix 1400-b Micrologix 1400-a Firmware Micrologix 1400-a Micrologix 1400 Micrologix 1400 Firmware Micrologix 1400-c Firmware Micrologix 1400-c Micrologix 1400-b Firmware

Configuration 1 [-]

AND

cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:micrologix_1100:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:rockwellautomation:micrologix_1400-b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:micrologix_1400-b:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:rockwellautomation:micrologix_1400-c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:micrologix_1400-c:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:rockwellautomation:micrologix_1400-a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:micrologix_1400-a:-:*:*:*:*:*:*:*

References

Link	Resource
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137679	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Rockwell

Published: 2022-12-16T20:12:22.414Z

Updated:

Reserved: 2022-12-06T15:27:58.542Z

Link: CVE-2022-46670

JSON object: View

NVD Information

Status : Modified

Published: 2022-12-16T21:15:09.040

Modified: 2023-11-07T03:55:46.057

Link: CVE-2022-46670

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-46670", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "requesterUserId": "20b06643-9bf3-4d1d-a98d-f8db99f95a31", "dateReserved": "2022-12-06T15:27:58.542Z", "datePublished": "2022-12-16T20:12:22.414Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MicroLogix 1100 & 1400 Controllers", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "All"}]}, {"defaultStatus": "unaffected", "product": "MicroLogix 1400-B/C", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "21.007 and below"}]}, {"defaultStatus": "unaffected", "product": "MicroLogix 1400-A", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "7.000 and below"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ryan Pickren, a security researcher from Georgia Institute of Technology"}], "datePublic": "2022-12-13T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution.  The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website. </span>\n\n"}], "value": "\nRockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute\u00a0of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. \u00a0The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website. \n\n"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2022-12-16T20:12:22.414Z"}, "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137679"}], "source": {"discovery": "UNKNOWN"}, "title": "Rockwell Automation MicroLogix 1100 & 1400 Vulnerable to Cross-Site Scripting Attack", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "11507EFF-5C53-4217-9257-21936118C032", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "196EA0BE-FDF3-46BE-B3DA-5F49208C5D80", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCE86CDF-12CC-4B02-942D-BF9134218F2B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:micrologix_1100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA42C7F4-EEC1-44D2-BD46-237969FF6E1A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1400-b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6C4D215-CB09-4BEA-89A6-2BAACD461FBE", "versionEndIncluding": "21.007", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:micrologix_1400-b:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D01BD0A-CA96-4882-8523-EC4D522DA4AF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1400-c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD745E1D-10D9-4FD6-9F7C-63CB51F3C454", "versionEndIncluding": "21.007", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:micrologix_1400-c:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC9A2DE5-E745-4F1B-931C-E11814A7D23A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:micrologix_1400-a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E2B3E77-CF64-4D7F-A849-5462CABB576D", "versionEndIncluding": "7.000", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:micrologix_1400-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "81AFED05-B927-4BF7-ABC5-5E3F7555593D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nRockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute\u00a0of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. \u00a0The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website. \n\n"}, {"lang": "es", "value": "Un investigador de seguridad del Instituto de Tecnolog\u00eda de Georgia inform\u00f3 a Rockwell Automation de una vulnerabilidad que indica que los controladores MicroLogix 1100 y 1400 contienen una vulnerabilidad que puede brindarle a un atacante la capacidad de realizar la ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad es de Cross-Site Scripting almacenado, no autenticada en el servidor web integrado. El payload se transfiere al controlador a trav\u00e9s de SNMP y se representa en la p\u00e1gina de inicio del sitio web integrado."}], "id": "CVE-2022-46670", "lastModified": "2023-11-07T03:55:46.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2022-12-16T21:15:09.040", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Vendor Advisory"], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137679"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}