The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01 | Third Party Advisory US Government Resource |
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994 | Permissions Required Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Information
Published : 2022-07-20 09:15
Updated : 2022-07-27 14:45
NVD link : CVE-2022-2179
Mitre link : CVE-2022-2179
JSON object : View
CWE
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
Products Affected
rockwellautomation
- micrologix_1100
- micrologix_1400_firmware
- micrologix_1400
- micrologix_1100_firmware