CVE-2022-2179 (GCVE-0-2022-2179)
Vulnerability from cvelistv5
Published
2022-07-20 15:36
Modified
2025-04-16 16:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE
Summary
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.
References
Impacted products
Vendor Product Version
Rockwell Automation MicroLogix 1400 Version: unspecified   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:07.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2179",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:51:04.270712Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:14:37.655Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MicroLogix 1400",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "21.007",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MicroLogix 1100",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Pawan V. Sable and Pranita Binnar from Veermata Jijabai Technological Institute (VJTI) reported this vulnerability to Rockwell Automation."
        }
      ],
      "datePublic": "2022-07-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-20T15:36:32.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames",
      "workarounds": [
        {
          "lang": "en",
          "value": "Rockwell Automation encourages those using the affected software to implement the mitigations below to minimize risk. Additionally, Rockwell Automation encourages users to combine risk mitigations with security best practices (also provided below) to deploy a defense-in-depth strategy.\n\n    Disable the web server where possible (this component is an optional feature and disabling it will not disrupt the intended use of the device).\n    Configure firewalls to disallow network communication through HTTP/Port 80\n\nIf applying the mitigations noted above are not possible, please see Rockwell Automation\u2019s Knowledgebase article QA43240 Security Best Practices.\n\nFor more information, please see the industrial security advisory from Rockwell Automation."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2022-07-19T20:09:00.000Z",
          "ID": "CVE-2022-2179",
          "STATE": "PUBLIC",
          "TITLE": "ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MicroLogix 1400",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "21.007"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MicroLogix 1100",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rockwell Automation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Pawan V. Sable and Pranita Binnar from Veermata Jijabai Technological Institute (VJTI) reported this vulnerability to Rockwell Automation."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1021"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01",
              "refsource": "CONFIRM",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01"
            },
            {
              "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994",
              "refsource": "CONFIRM",
              "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Rockwell Automation encourages those using the affected software to implement the mitigations below to minimize risk. Additionally, Rockwell Automation encourages users to combine risk mitigations with security best practices (also provided below) to deploy a defense-in-depth strategy.\n\n    Disable the web server where possible (this component is an optional feature and disabling it will not disrupt the intended use of the device).\n    Configure firewalls to disallow network communication through HTTP/Port 80\n\nIf applying the mitigations noted above are not possible, please see Rockwell Automation\u2019s Knowledgebase article QA43240 Security Best Practices.\n\nFor more information, please see the industrial security advisory from Rockwell Automation."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-2179",
    "datePublished": "2022-07-20T15:36:33.007Z",
    "dateReserved": "2022-06-22T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:14:37.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-2179\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-07-20T16:15:09.030\",\"lastModified\":\"2024-11-21T07:00:29.217\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.\"},{\"lang\":\"es\",\"value\":\"El encabezado X-Frame-Options en Rockwell Automation MicroLogix 1100/1400 Versiones 21.007 y anteriores, no est\u00e1 configurado en la respuesta HTTP, lo que podr\u00eda permitir ataques de clickjacking\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1021\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1021\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:micrologix_1100_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5252A0C-A923-4BA0-A857-9BF21F8BF79B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:micrologix_1100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA42C7F4-EEC1-44D2-BD46-237969FF6E1A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:micrologix_1400_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"21.007\",\"matchCriteriaId\":\"A358F0EC-45CC-4BF4-8DF0-DD43556D1BE6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"196EA0BE-FDF3-46BE-B3DA-5F49208C5D80\"}]}]}],\"references\":[{\"url\":\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T00:32:07.933Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-2179\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-16T15:51:04.270712Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-16T15:51:05.793Z\"}}], \"cna\": {\"title\": \"ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Pawan V. Sable and Pranita Binnar from Veermata Jijabai Technological Institute (VJTI) reported this vulnerability to Rockwell Automation.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Rockwell Automation\", \"product\": \"MicroLogix 1400\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.007\"}]}, {\"vendor\": \"Rockwell Automation\", \"product\": \"MicroLogix 1100\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions\"}]}], \"datePublic\": \"2022-07-19T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Rockwell Automation encourages those using the affected software to implement the mitigations below to minimize risk. Additionally, Rockwell Automation encourages users to combine risk mitigations with security best practices (also provided below) to deploy a defense-in-depth strategy.\\n\\n    Disable the web server where possible (this component is an optional feature and disabling it will not disrupt the intended use of the device).\\n    Configure firewalls to disallow network communication through HTTP/Port 80\\n\\nIf applying the mitigations noted above are not possible, please see Rockwell Automation\\u2019s Knowledgebase article QA43240 Security Best Practices.\\n\\nFor more information, please see the industrial security advisory from Rockwell Automation.\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1021\", \"description\": \"CWE-1021\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2022-07-20T15:36:32.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Pawan V. Sable and Pranita Binnar from Veermata Jijabai Technological Institute (VJTI) reported this vulnerability to Rockwell Automation.\"}], \"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"21.007\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"MicroLogix 1400\"}, {\"version\": {\"version_data\": [{\"version_value\": \"All versions\", \"version_affected\": \"=\"}]}, \"product_name\": \"MicroLogix 1100\"}]}, \"vendor_name\": \"Rockwell Automation\"}]}}, \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01\", \"name\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-01\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994\", \"name\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135994\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-1021\"}]}]}, \"work_around\": [{\"lang\": \"en\", \"value\": \"Rockwell Automation encourages those using the affected software to implement the mitigations below to minimize risk. Additionally, Rockwell Automation encourages users to combine risk mitigations with security best practices (also provided below) to deploy a defense-in-depth strategy.\\n\\n    Disable the web server where possible (this component is an optional feature and disabling it will not disrupt the intended use of the device).\\n    Configure firewalls to disallow network communication through HTTP/Port 80\\n\\nIf applying the mitigations noted above are not possible, please see Rockwell Automation\\u2019s Knowledgebase article QA43240 Security Best Practices.\\n\\nFor more information, please see the industrial security advisory from Rockwell Automation.\"}], \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-2179\", \"STATE\": \"PUBLIC\", \"TITLE\": \"ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames\", \"ASSIGNER\": \"ics-cert@hq.dhs.gov\", \"DATE_PUBLIC\": \"2022-07-19T20:09:00.000Z\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-2179\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-16T16:14:37.655Z\", \"dateReserved\": \"2022-06-22T00:00:00.000Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2022-07-20T15:36:33.007Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.