CVE-2022-3166 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to webserver and closing it abruptly which would cause a denial-of-service condition for the web server application on the device

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rockwellautomation	Micrologix 1100 Firmware	-
Rockwellautomation	Micrologix 1100	-
Rockwellautomation	Micrologix 1400 Firmware	-
Rockwellautomation	Micrologix 1400	-

Related Weaknesses (CWE)

CWE-924

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137678Permissions RequiredVendor Advisory
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137678Permissions RequiredVendor Advisory

FAQ

What is CVE-2022-3166?

CVE-2022-3166 is a vulnerability with a CVSS score of 7.5 (HIGH). Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability c...

How severe is CVE-2022-3166?

CVE-2022-3166 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-3166?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Micrologix 1100 Firmware, Rockwellautomation Micrologix 1100, Rockwellautomation Micrologix 1400 Firmware, Rockwellautomation Micrologix 1400.