CVE-2022-46670

CVSS V2 None CVSS V3 None
Description
Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.
Overview
  • CVE ID
  • CVE-2022-46670
  • Assigner
  • PSIRT@rockwellautomation.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-16T21:15:09
  • Last Modified Date
  • 2022-12-22T18:28:28
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:rockwellautomation:micrologix_1100:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:rockwellautomation:micrologix_1400-b_firmware:*:*:*:*:*:*:*:* 1 OR 21.007
cpe:2.3:h:rockwellautomation:micrologix_1400-b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:rockwellautomation:micrologix_1400-c_firmware:*:*:*:*:*:*:*:* 1 OR 21.007
cpe:2.3:h:rockwellautomation:micrologix_1400-c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:rockwellautomation:micrologix_1400-a_firmware:*:*:*:*:*:*:*:* 1 OR 7.000
cpe:2.3:h:rockwellautomation:micrologix_1400-a:-:*:*:*:*:*:*:* 0 OR
History
Created Old Value New Value Data Type Notes
2022-12-18 09:31:56 Added to TrackCVE
2022-12-21 07:02:59 2022-12-16T21:15:09.040 2022-12-16T21:15:09 CVE Published Date updated
2022-12-21 07:03:00 2022-12-16T22:03:40 CVE Modified Date updated
2022-12-21 07:03:00 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-21 07:03:00 Weakness Enumeration new
2022-12-22 19:15:42 2022-12-22T18:28:28 CVE Modified Date updated
2022-12-22 19:15:42 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-22 19:15:43 CPE Information updated