Vulnerabilities > CVE-2022-2179 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

rockwellautomation

CWE-1021

NVD

Published: 2022-07-20

Updated: 2022-07-27

Summary

The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.

Vulnerable Configurations

Part	Description	Count
OS	Rockwellautomation Rockwellautomation Micrologix 1100 Firmware * Rockwellautomation Micrologix 1400 Firmware - Rockwellautomation Micrologix 1400 Firmware 21.0 Rockwellautomation Micrologix 1400 Firmware 21.6 Rockwellautomation Micrologix 1400 Firmware 21.007	5
Hardware	Rockwellautomation Rockwellautomation Micrologix 1100 - Rockwellautomation Micrologix 1400 -	2

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References