A security researcher from Georgia Institute of Technology made Rockwell Automation aware that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The flaw is an unauthenticated stored cross-site scripting vulnerability in the embedded web server. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.
Published: 2022-12-16T21:15:09.040
Last modified: 2024-11-21T07:30:52.580
Status: Modified
CVSSv3.1: 7.1 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | rockwellautomation | micrologix_1400_firmware | - | Yes |
| Hardware | rockwellautomation | micrologix_1400 | - | No |
| Operating System | rockwellautomation | micrologix_1100_firmware | - | Yes |
| Hardware | rockwellautomation | micrologix_1100 | - | No |
| Operating System | rockwellautomation | micrologix_1400-b_firmware | ≤ 21.007 | Yes |
| Hardware | rockwellautomation | micrologix_1400-b | - | No |
| Operating System | rockwellautomation | micrologix_1400-c_firmware | ≤ 21.007 | Yes |
| Hardware | rockwellautomation | micrologix_1400-c | - | No |
| Operating System | rockwellautomation | micrologix_1400-a_firmware | ≤ 7.000 | Yes |
| Hardware | rockwellautomation | micrologix_1400-a | - | No |