Rockwell Automation MicroLogix 1100 and 1400 Improper Neutralization of Input During Web Page Generation (CVE-2022-46670)

medium Tenable OT Security Plugin ID 500724

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Rockwell Automation was made aware by a security researcher from the Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded web server. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Rockwell Automation recommends that users of the affected products take the following actions:

- Disable the web server, if possible (this component is an optional feature and disabling it will not disrupt the intended use of the device)
- Configure firewalls to disallow network communication through HTTP/Port 802
- Upgrade to the MicroLogix 800 or MicroLogix 850, as these devices do not have the web server component

Rockwell Automation also recommends that users employ cybersecurity best practices, as outlined in their Knowledgebase article.

See Also

http://www.nessus.org/u?30440f54

https://www.cisa.gov/news-events/ics-advisories/icsa-22-354-04

Plugin Details

Severity: Medium

ID: 500724

Version: 1.8

Type: remote

Family: Tenable.ot

Published: 1/5/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2022-46670

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:rockwellautomation:micrologix_1400-b_firmware, cpe:/o:rockwellautomation:micrologix_1400_firmware:-, cpe:/o:rockwellautomation:micrologix_1100_firmware:-, cpe:/o:rockwellautomation:micrologix_1400-c_firmware, cpe:/o:rockwellautomation:micrologix_1400-a_firmware

Required KB Items: Tenable.ot/Rockwell

Exploit Ease: No known exploits are available

Patch Publication Date: 12/16/2022

Vulnerability Publication Date: 12/16/2022

Reference Information

CVE: CVE-2022-46670

CWE: 79

ICSA: 22-354-04