CVE-2022-46670

Published: Dec 16, 2022

Modified: Apr 17, 2025

PUBLISHED

CVSS v3.1

7.1

HIGH

Description

Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.

Vendor	Product	Versions
Rockwell Automation	MicroLogix 1100 & 1400 Controllers	affected `All`
Rockwell Automation	MicroLogix 1400-B/C	affected `21.007 and below`
Rockwell Automation	MicroLogix 1400-A	affected `7.000 and below`

Weaknesses (CWE)

CWE-79

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137679

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-46670

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References