Unrated severityNVD Advisory· Published Dec 16, 2022· Updated Apr 17, 2025

Rockwell Automation MicroLogix 1100 & 1400 Vulnerable to Cross-Site Scripting Attack

CVE-2022-46670

Description

Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.

Affected products

Rockwellautomation/Ab Micrologix Controller 1100cpe-rescue
Range: All
Rockwellautomation/Micrologixcpe-rescue
Range: 7.000 and below
Rockwellautomation/Micrologix 1400 Firmwarecpe-rescue
Range: 21.007 and below

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137679mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000