CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2179 – ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames
https://notcve.org/view.php?id=CVE-2022-2179
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks. El encabezado X-Frame-Options en Rockwell Automation MicroLogix 1100/1400 Versiones 21.007 y anteriores, no está configurado en la respuesta HTTP, lo que podría permitir ataques de clickjacking • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994 https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22659
https://notcve.org/view.php?id=CVE-2021-22659
Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a denial-of-service condition. The FAULT LED will flash RED and communications may be lost. Recovery from denial-of-service condition requires the fault to be cleared by the user. Rockwell Automation MicroLogix 1400 versión 21.6 y anteriores, puede permitir a un atacante remoto no autenticado enviar un paquete Modbus especialmente diseñado que le permita al atacante recuperar o modificar valores aleatorios en el registro. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1129877/loc/en_US#__highlight https://us-cert.cisa.gov/ics/advisories/icsa-21-033-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •