Rockwell Automation MicroLogix 1100 and 1400 Improper Restriction of Rendered UI Layers or Frames (CVE-2022-3166)

high Tenable OT Security Plugin ID 500723

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to webserver and closing it abruptly which would cause a denial-of-service condition for the web server application on the device

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Rockwell Automation recommends users of the affected products to take the following actions:

- Disable the web server, if possible (This component is an optional feature and disabling it will not disrupt the intended use of the device)
- Configure firewalls to disallow network communication through HTTP/Port 802
- Upgrade to the MicroLogix 800 or MicroLogix 850 as this device does not have the web server component

Rockwell Automation also recommends users to employ cybersecurity best practices, as outlined in their Knowledgebase article.

See Also

http://www.nessus.org/u?c060e574

https://www.cisa.gov/news-events/ics-advisories/icsa-22-354-04

Plugin Details

Severity: High

ID: 500723

Version: 1.6

Type: remote

Family: Tenable.ot

Published: 1/5/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2022-3166

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:rockwellautomation:micrologix_1400_firmware:-, cpe:/o:rockwellautomation:micrologix_1100_firmware:-

Required KB Items: Tenable.ot/Rockwell

Exploit Ease: No known exploits are available

Patch Publication Date: 12/16/2022

Vulnerability Publication Date: 12/16/2022

Reference Information

CVE: CVE-2022-3166

CWE: 924

ICSA: 22-354-04