CVE-2022-46670 HIGH

CVE-2022-46670: Rockwell Automation MicroLogix 1100 & 1400 Vulnerable to Cross-Site Scripting Attack

Vendor Rockwell Automation

Product MicroLogix 1100 & 1400 Controllers

Weakness CWE-79 · XSS

Published December 16, 2022

Last update April 17, 2025

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.

Key dates

02Disclosure timeline

December 16, 2022 CVE published

April 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-46670 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2022-46670

CWE CWE-79

CVSS 7.1 / HIGH

Affected versions

Vendor Rockwell Automation

Product MicroLogix 1100 & 1400 Controllers

Affected All

Vendor Rockwell Automation

Product MicroLogix 1400-B/C

Affected 21.007 and below

Vendor Rockwell Automation

Product MicroLogix 1400-A

Affected 7.000 and below

CVE-2022-46670: Rockwell Automation MicroLogix 1100 & 1400 Vulnerable to Cross-Site Scripting Attack

01Description

02Disclosure timeline

03References

04Related CVE