ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames
CVE-2022-2179

6.5MEDIUM

Key Information:

Vendor: Rockwell Automation
Status: Micrologix 1400; Micrologix 1100
Vendor: CVE Published:; 19 July 2022

Summary

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.

Affected Version(s)

MicroLogix 1100 All versions

MicroLogix 1400 <= 21.007

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01

x_refsource_CONFIRM

https://rockwellautomation.custhelp.com/app/answers/answe...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
Jun 22, 2022

Credit

Pawan V. Sable and Pranita Binnar from Veermata Jijabai Technological Institute (VJTI) reported this vulnerability to Rockwell Automation.