CVE-2022-2179

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.
References
Link Resource
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994 Permissions Required Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:micrologix_1100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-07-20 16:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-2179

Mitre link : CVE-2022-2179

CVE.ORG link : CVE-2022-2179


JSON object : View

Products Affected

rockwellautomation

  • micrologix_1400
  • micrologix_1400_firmware
  • micrologix_1100_firmware
  • micrologix_1100
CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames