Headline
CVE-2022-46670: Product Notice 1612: MicroLogix 1100 & 1400 Web Server Application Vulnerable to Cross Site Scripting Attack
Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.
Skip Navigation
menu
- Support Center
- Get Support Chat & Submit a Question Phone Support Holiday Schedule
- Training & Webinars
- Online Forum
- Customer Care Customer Care Overview Phone Support Holiday Schedule
Sign In
Quickly log in or create an account using an existing service
Yahoo
What will happen: When you click on this button you will be taken to Yahoo. Once you log in, Yahoo will verify you and send you back here where you’ll be logged in!
Log In or Create an AccountOpens new dialog
Please log in to continue, Username Password
Email Address *
Username *
Password
Re-enter a value for the field ‘Password’
Must match Password
First Name *
Last Name *
Forgot your username or password?
The page will refresh upon submission. Any pending input will be lost.
03-Feb-2022 - Important product notice regarding Microsoft vulnerability patch (MS KB5004442)
Current product hierarchy
- Automation Control
- Programmable Controllers
- 1761 MicroLogix
ID: PN1612 | Access Levels: Everyone
Search
Did you mean:
Published DatePublished Date 12/13/2022
Executive Summary
Rockwell Automation received a vulnerability report from a security researcher from Georgia Institute of Technology. If exploited, this vulnerability could allow an attacker to submit remote code in t…
Login Required to View Full Answer Content
Please use the ‘Sign In’ button above