) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:21.6:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-2179 |
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks. Published: July 20, 2022; 12:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2021-32926 |
When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition Published: June 03, 2021; 9:15:07 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2021-22659 |
Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a denial-of-service condition. The FAULT LED will flash RED and communications may be lost. Recovery from denial-of-service condition requires the fault to be cleared by the user. Published: March 25, 2021; 12:15:14 PM -0400 |
V4.0:(not available) V3.1: 8.6 HIGH V2.0: 7.5 HIGH |