CVE-2022-46670
Rockwell Automation MicroLogix 1100 & 1400 Vulnerable to Cross-Site Scripting Attack
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.1EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
16 dic 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Productos afectados
Rockwell Automation · MicroLogix 1100 & 1400 ControllersRockwell Automation · MicroLogix 1400-ARockwell Automation · MicroLogix 1400-B/C¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →