Vulnerabilites related to rockwellautomation - guardlogix_5570_firmware
cve-2022-3157
Vulnerability from cvelistv5
Published
2022-12-16 20:35
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Rockwell Automation | CompactLogix 5370 |
Version: 20 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:00:10.589Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CompactLogix 5370", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "33", status: "affected", version: "20", versionType: "Major", }, ], }, { defaultStatus: "unaffected", product: "Compact GuardLogix", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "33", status: "affected", version: "28", versionType: "Major", }, ], }, { defaultStatus: "unaffected", product: "ControlLogix 5570", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "33", status: "affected", version: "20", versionType: "Major", }, ], }, { defaultStatus: "unaffected", product: "ControlLogix 5570 Redundancy", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "33", status: "affected", version: "20", versionType: "Major", }, ], }, { defaultStatus: "unaffected", product: "GuardLogix 5570", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "33", status: "affected", version: "20", versionType: "Major", }, ], }, ], datePublic: "2022-12-15T15:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). </span>\n\n", }, ], value: "\nA vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). \n\n", }, ], impacts: [ { capecId: "CAPEC-123", descriptions: [ { lang: "en", value: "CAPEC-123 Buffer Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-16T20:35:55.689Z", orgId: "b73dd486-f505-4403-b634-40b078b177f0", shortName: "Rockwell", }, references: [ { url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757", }, ], source: { discovery: "UNKNOWN", }, title: "Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b73dd486-f505-4403-b634-40b078b177f0", assignerShortName: "Rockwell", cveId: "CVE-2022-3157", datePublished: "2022-12-16T20:35:55.689Z", dateReserved: "2022-09-07T19:00:02.431Z", dateUpdated: "2024-08-03T01:00:10.589Z", requesterUserId: "20b06643-9bf3-4d1d-a98d-f8db99f95a31", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-1161
Vulnerability from cvelistv5
Published
2022-04-11 19:38
Modified
2024-09-16 19:30
Severity ?
EPSS score ?
Summary
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:55:24.400Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "1768 CompactLogix controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "All all", }, ], }, { product: "1769 CompactLogix controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "CompactLogix 5370 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "CompactLogix 5380 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "CompactLogix 5480 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "Compact GuardLogix 5370 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "Compact GuardLogix 5380 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "ControlLogix 5550 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "ControlLogix 5560 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "ControlLogix 5570 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "ControlLogix 5580 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "GuardLogix 5560 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "GuardLogix 5570 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "GuardLogix 5580 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "FlexLogix 1794-L34 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "DriveLogix 5730 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, { product: "SoftLogix 5800 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "all", }, ], }, ], credits: [ { lang: "en", value: "Sharon Brizinov and Tal Keren of Claroty reported this vulnerability to CISA.", }, ], datePublic: "2022-03-31T00:00:00", descriptions: [ { lang: "en", value: "An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-829", description: "CWE-829 Inclusion of Functionality from Untrusted Control Sphere", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-11T19:38:14", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05", }, ], solutions: [ { lang: "en", value: "The following mitigations should be applied for ControlLogix 5560, ControlLogix 5570, ControlLogix 5580 series, GuardLogix 5570, GuardLogix 5580, GuardLogix 5380, CompactLogix, CompactLogix 5380 devices:\n\nRisk Mitigation A:\n\nRecompile and download user program code (i.e., acd).\nPut controller mode switch into Run position.\nIf keeping controller mode switch in Run is impractical, use the following mitigation:\n\nRecompile and download user program code (i.e., acd).\nMonitor controller change log for any unexpected modifications or anomalous activity.\nUtilize the Controller Log feature.\nUtilize Change Detection in the Logix Designer Application.\nIf available, use the functionality in FactoryTalk AssetCenter software to detect changes.\nRisk Mitigation B:\n\nImplement CIP Security to help prevent unauthorized connections when properly deployed. Supported controllers and communications modules include:\n\nControlLogix 5580 processors using on-board EtherNet/IP port.\nGuardLogix 5580 processors using on-board EtherNet/IP port.\nControlLogix 5580 processors operating in High Availability (HA) configurations using 1756-EN4TR\nControlLogix 5560, ControlLogix 5570, ControlLogix 5580, GuardLogix 5570 and GuardLogix 5580 can use a 1756-EN4TR ControlLogix EtherNet/IP module.\nIf using a 1756-EN2T, then replace with a 1756-EN4TR\nCompactLogix 5380 using on-board EtherNet/IP port.\nCompactLogix GuardLogix 5380 using on-board EtherNet/IP port.\nThe following mitigations should be applied for 1768 CompactLogix, 1769 CompactLogix, CompactLogix 5370, and CompactLogix 5480 devices:\n\nRecompile and download user program code (i.e., acd).\nPut controller mode switch into Run position.\nIf keeping controller mode switch in Run is impractical, then use the following mitigation:\n\nRecompile and download user program code (i.e., acd).\nMonitor controller change log for any unexpected modifications or anomalous activity.\nUse the Controller Log feature.\nUse Change Detection in the Logix Designer application.\nIf available, use the functionality in FactoryTalk AssetCenter to detect changes.", }, ], source: { advisory: "ICSA-22-090-05", discovery: "EXTERNAL", }, title: "ICSA-22-090-05 Rockwell Automation Logix Controllers", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", DATE_PUBLIC: "2022-03-31T17:00:00.000Z", ID: "CVE-2022-1161", STATE: "PUBLIC", TITLE: "ICSA-22-090-05 Rockwell Automation Logix Controllers", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "1768 CompactLogix controllers", version: { version_data: [ { version_affected: "=", version_name: "All", version_value: "all", }, ], }, }, { product_name: "1769 CompactLogix controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "CompactLogix 5370 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "CompactLogix 5380 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "CompactLogix 5480 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "Compact GuardLogix 5370 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "Compact GuardLogix 5380 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "ControlLogix 5550 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "ControlLogix 5560 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "ControlLogix 5570 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "ControlLogix 5580 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "GuardLogix 5560 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "GuardLogix 5570 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "GuardLogix 5580 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "FlexLogix 1794-L34 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "DriveLogix 5730 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, { product_name: "SoftLogix 5800 controllers", version: { version_data: [ { version_affected: "=", version_name: "all", version_value: "all", }, ], }, }, ], }, vendor_name: "Rockwell Automation", }, ], }, }, credit: [ { lang: "eng", value: "Sharon Brizinov and Tal Keren of Claroty reported this vulnerability to CISA.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-829 Inclusion of Functionality from Untrusted Control Sphere", }, ], }, ], }, references: { reference_data: [ { name: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05", refsource: "MISC", url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05", }, ], }, solution: [ { lang: "en", value: "The following mitigations should be applied for ControlLogix 5560, ControlLogix 5570, ControlLogix 5580 series, GuardLogix 5570, GuardLogix 5580, GuardLogix 5380, CompactLogix, CompactLogix 5380 devices:\n\nRisk Mitigation A:\n\nRecompile and download user program code (i.e., acd).\nPut controller mode switch into Run position.\nIf keeping controller mode switch in Run is impractical, use the following mitigation:\n\nRecompile and download user program code (i.e., acd).\nMonitor controller change log for any unexpected modifications or anomalous activity.\nUtilize the Controller Log feature.\nUtilize Change Detection in the Logix Designer Application.\nIf available, use the functionality in FactoryTalk AssetCenter software to detect changes.\nRisk Mitigation B:\n\nImplement CIP Security to help prevent unauthorized connections when properly deployed. Supported controllers and communications modules include:\n\nControlLogix 5580 processors using on-board EtherNet/IP port.\nGuardLogix 5580 processors using on-board EtherNet/IP port.\nControlLogix 5580 processors operating in High Availability (HA) configurations using 1756-EN4TR\nControlLogix 5560, ControlLogix 5570, ControlLogix 5580, GuardLogix 5570 and GuardLogix 5580 can use a 1756-EN4TR ControlLogix EtherNet/IP module.\nIf using a 1756-EN2T, then replace with a 1756-EN4TR\nCompactLogix 5380 using on-board EtherNet/IP port.\nCompactLogix GuardLogix 5380 using on-board EtherNet/IP port.\nThe following mitigations should be applied for 1768 CompactLogix, 1769 CompactLogix, CompactLogix 5370, and CompactLogix 5480 devices:\n\nRecompile and download user program code (i.e., acd).\nPut controller mode switch into Run position.\nIf keeping controller mode switch in Run is impractical, then use the following mitigation:\n\nRecompile and download user program code (i.e., acd).\nMonitor controller change log for any unexpected modifications or anomalous activity.\nUse the Controller Log feature.\nUse Change Detection in the Logix Designer application.\nIf available, use the functionality in FactoryTalk AssetCenter to detect changes.", }, ], source: { advisory: "ICSA-22-090-05", discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2022-1161", datePublished: "2022-04-11T19:38:14.725172Z", dateReserved: "2022-03-29T00:00:00", dateUpdated: "2024-09-16T19:30:34.104Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-6998
Vulnerability from cvelistv5
Published
2022-07-27 20:18
Modified
2024-08-04 09:18
Severity ?
EPSS score ?
Summary
The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02 | x_refsource_CONFIRM | |
| https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Rockwell Automation | Armor Compact GuardLogix 5370 controllers |
Version: unspecified < |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:18:02.993Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Armor Compact GuardLogix 5370 controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "versions 33 and prior", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Armor GuardLogix Safety Controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "versions 33 and prior", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "CompactLogix 5370 L1 controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "versions 33 and prior", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "CompactLogix 5370 L2 controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "versions 33 and prior", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "CompactLogix 5370 L3 controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "versions 33 and prior", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Compact GuardLogix 5370 controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "versions 33 and prior", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "ControlLogix 5570 controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "versions 33 and prior", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Yeop Chang reported this vulnerability to CISA.", }, ], descriptions: [ { lang: "en", value: "The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "CVE-22 Improper Input Validation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-27T20:18:00", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398", }, ], solutions: [ { lang: "en", value: "Rockwell Automation recommends affected users apply firmware v33.011 or later.\n\nFor more information see the Rockwell Automation advisory (login required).", }, ], source: { discovery: "EXTERNAL", }, title: "Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", ID: "CVE-2020-6998", STATE: "PUBLIC", TITLE: "Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Armor Compact GuardLogix 5370 controllers", version: { version_data: [ { version_affected: "<=", version_value: "versions 33 and prior", }, ], }, }, { product_name: "Armor GuardLogix Safety Controllers", version: { version_data: [ { version_affected: "<=", version_value: "versions 33 and prior", }, ], }, }, { product_name: "CompactLogix 5370 L1 controllers", version: { version_data: [ { version_affected: "<=", version_value: "versions 33 and prior", }, ], }, }, { product_name: "CompactLogix 5370 L2 controllers", version: { version_data: [ { version_affected: "<=", version_value: "versions 33 and prior", }, ], }, }, { product_name: "CompactLogix 5370 L3 controllers", version: { version_data: [ { version_affected: "<=", version_value: "versions 33 and prior", }, ], }, }, { product_name: "Compact GuardLogix 5370 controllers", version: { version_data: [ { version_affected: "<=", version_value: "versions 33 and prior", }, ], }, }, { product_name: "ControlLogix 5570 controllers", version: { version_data: [ { version_affected: "<=", version_value: "versions 33 and prior", }, ], }, }, ], }, vendor_name: "Rockwell Automation", }, ], }, }, credit: [ { lang: "eng", value: "Yeop Chang reported this vulnerability to CISA.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CVE-22 Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02", refsource: "CONFIRM", url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02", }, { name: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398", refsource: "CONFIRM", url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398", }, ], }, solution: [ { lang: "en", value: "Rockwell Automation recommends affected users apply firmware v33.011 or later.\n\nFor more information see the Rockwell Automation advisory (login required).", }, ], source: { discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2020-6998", datePublished: "2022-07-27T20:18:00", dateReserved: "2020-01-14T00:00:00", dateUpdated: "2024-08-04T09:18:02.993Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-1797
Vulnerability from cvelistv5
Published
2022-05-31 19:04
Modified
2024-08-03 00:16
Severity ?
EPSS score ?
Summary
A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01 | x_refsource_CONFIRM | |
| https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Rockwell Automation | CompactLogix 5380 controllers |
Version: unspecified < |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:16:59.935Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "CompactLogix 5380 controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "32.013", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Compact GuardLogix 5380 controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "32.013", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "CompactLogix 5480 controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "32.013", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "ControlLogix 5580 controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "32.013", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "GuardLogix 5580 controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "32.013", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "CompactLogix 5370 controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "33.013", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Compact GuardLogix 5370 controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "33.013", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "ControlLogix 5570 controllers", vendor: "Rockwell Automation", versions: [ { lessThanOrEqual: "33.013", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "GuardLogix 5570 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "33.013", }, ], }, ], credits: [ { lang: "en", value: "Rockwell Automation discovered this vulnerability during routine security testing and reported it to CISA.", }, ], descriptions: [ { lang: "en", value: "A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-31T19:04:44", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559", }, ], solutions: [ { lang: "en", value: "Rockwell Automation recommends users update to the latest firmware version to mitigate this vulnerability. Users are directed towards the risk mitigation provided below and are encouraged (where possible) to combine these with the general security guidelines below to employ multiple strategies simultaneously. Users should go to Rockwell Automation's Product Compatibility & Download Center to download the latest firmware.\n\nCompactLogix 5380, Compact GuardLogix 5380, CompactLogix 5480, ControlLogix 5580, GuardLogix 5580: Upgrade to v33.011 firmware\nCompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, GuardLogix 5570: Upgrade to v34.011 firmware\n\nPlease see Rockwell Automation’s security advisory PN1596 for more information.\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559", }, ], source: { discovery: "INTERNAL", }, title: "Rockwell Automation Logix Controllers Uncontrolled Resource Consumption", workarounds: [ { lang: "en", value: "If upgrading is not possible, Rockwell Automation recommends the following mitigations:\nUse of Microsoft AppLocker or other similar allow list applications can help mitigate risk. Information on using AppLocker with products from Rockwell Automation is available in Knowledgebase article QA17329.\nConfirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.\n\nPlease see Rockwell Automation’s security advisory PN1596 for more information.\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", ID: "CVE-2022-1797", STATE: "PUBLIC", TITLE: "Rockwell Automation Logix Controllers Uncontrolled Resource Consumption", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "CompactLogix 5380 controllers", version: { version_data: [ { version_affected: "<=", version_value: "32.013", }, ], }, }, { product_name: "Compact GuardLogix 5380 controllers", version: { version_data: [ { version_affected: "<=", version_value: " 32.013", }, ], }, }, { product_name: "CompactLogix 5480 controllers", version: { version_data: [ { version_affected: "<=", version_value: "32.013", }, ], }, }, { product_name: "ControlLogix 5580 controllers", version: { version_data: [ { version_affected: "<=", version_value: "32.013", }, ], }, }, { product_name: "GuardLogix 5580 controllers", version: { version_data: [ { version_affected: "<=", version_value: "32.013", }, ], }, }, { product_name: "CompactLogix 5370 controllers", version: { version_data: [ { version_affected: "<=", version_value: "33.013", }, ], }, }, { product_name: "Compact GuardLogix 5370 controllers", version: { version_data: [ { version_affected: "<=", version_value: "33.013", }, ], }, }, { product_name: "ControlLogix 5570 controllers", version: { version_data: [ { version_affected: "<=", version_value: "33.013", }, ], }, }, { product_name: "GuardLogix 5570 controllers", version: { version_data: [ { version_value: "33.013", }, ], }, }, ], }, vendor_name: "Rockwell Automation", }, ], }, }, credit: [ { lang: "eng", value: "Rockwell Automation discovered this vulnerability during routine security testing and reported it to CISA.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-400: Uncontrolled Resource Consumption", }, ], }, ], }, references: { reference_data: [ { name: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01", refsource: "CONFIRM", url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01", }, { name: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559", refsource: "CONFIRM", url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559", }, ], }, solution: [ { lang: "en", value: "Rockwell Automation recommends users update to the latest firmware version to mitigate this vulnerability. Users are directed towards the risk mitigation provided below and are encouraged (where possible) to combine these with the general security guidelines below to employ multiple strategies simultaneously. Users should go to Rockwell Automation's Product Compatibility & Download Center to download the latest firmware.\n\nCompactLogix 5380, Compact GuardLogix 5380, CompactLogix 5480, ControlLogix 5580, GuardLogix 5580: Upgrade to v33.011 firmware\nCompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, GuardLogix 5570: Upgrade to v34.011 firmware\n\nPlease see Rockwell Automation’s security advisory PN1596 for more information.\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559", }, ], source: { discovery: "INTERNAL", }, work_around: [ { lang: "en", value: "If upgrading is not possible, Rockwell Automation recommends the following mitigations:\nUse of Microsoft AppLocker or other similar allow list applications can help mitigate risk. Information on using AppLocker with products from Rockwell Automation is available in Knowledgebase article QA17329.\nConfirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.\n\nPlease see Rockwell Automation’s security advisory PN1596 for more information.\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559", }, ], }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2022-1797", datePublished: "2022-05-31T19:04:44", dateReserved: "2022-05-18T00:00:00", dateUpdated: "2024-08-03T00:16:59.935Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2022-07-27 21:15
Modified
2024-11-21 05:36
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398 | Permissions Required, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rockwellautomation | armor_compact_guardlogix_5370_firmware | * | |
| rockwellautomation | armor_compact_guardlogix_5370 | - | |
| rockwellautomation | compact_guardlogix_5370_firmware | * | |
| rockwellautomation | compact_guardlogix_5370 | - | |
| rockwellautomation | compactlogix_5370_l1_firmware | * | |
| rockwellautomation | compactlogix_5370_l1 | - | |
| rockwellautomation | compactlogix_5370_l2_firmware | * | |
| rockwellautomation | compactlogix_5370_l2 | - | |
| rockwellautomation | compactlogix_5370_l3_firmware | * | |
| rockwellautomation | compactlogix_5370_l3 | - | |
| rockwellautomation | controllogix_5570_firmware | * | |
| rockwellautomation | controllogix_5570 | - | |
| rockwellautomation | guardlogix_5560_firmware | * | |
| rockwellautomation | guardlogix_5560 | - | |
| rockwellautomation | guardlogix_5570_firmware | * | |
| rockwellautomation | guardlogix_5570 | - | |
| rockwellautomation | guardlogix_5580_firmware | * | |
| rockwellautomation | guardlogix_5580 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:armor_compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "13D07CA5-B2C0-483D-A183-60BAD0F6BA65", versionEndIncluding: "33", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:armor_compact_guardlogix_5370:-:*:*:*:*:*:*:*", matchCriteriaId: "03FAA30B-C345-4DD4-A686-50989ADF4CC5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "797BDE9D-193A-4D9B-A38C-B199C99CE958", versionEndIncluding: "33", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*", matchCriteriaId: "6F951670-AF4D-4429-8BC1-79BDEF83B2C3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02304C1E-786D-4281-8854-6B626F201A29", versionEndIncluding: "33", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:*", matchCriteriaId: "848B3145-24E4-445B-958A-4C3F84C4546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "786B2806-A81A-4160-804A-AE9B2C445D65", versionEndIncluding: "33", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:*", matchCriteriaId: "65092726-5567-488C-9E32-DC42D34E111D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4274AF4D-445F-454D-8B08-B03B39A5AD5F", versionEndIncluding: "33", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:*", matchCriteriaId: "52C2F377-6F0D-4752-A4A3-C40604A8575D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "235662B8-4F63-4D1F-9091-8271B85BDB17", versionEndIncluding: "33", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*", matchCriteriaId: "482E2CD6-D484-486C-92F4-18432D107E30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:guardlogix_5560_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BC99B037-69C1-4475-B65E-046CA020806A", versionEndIncluding: "33", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:guardlogix_5560:-:*:*:*:*:*:*:*", matchCriteriaId: "7A42D9BC-9468-479A-873D-52175687FCBD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DA97F17B-E8B2-4FF6-A8D8-69D8F6B17F2F", versionEndIncluding: "33", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*", matchCriteriaId: "321AE938-192A-4342-8608-ADC81F0B6582", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A56F5CA1-02BF-4AC2-9963-F09E8390EC92", versionEndIncluding: "33", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*", matchCriteriaId: "006B7683-9FDF-4748-BA28-2EA22613E092", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.", }, { lang: "es", value: "El algoritmo de establecimiento de conexión encontrado en Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versiones 33 y anteriores, no administra suficientemente su flujo de control durante la ejecución, creando un bucle infinito. Esto puede permitir a un atacante enviar peticiones de paquetes CIP especialmente diseñados a un controlador, lo que puede causar condiciones de denegación de servicio en las comunicaciones con otros productos", }, ], id: "CVE-2020-6998", lastModified: "2024-11-21T05:36:27.750", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-27T21:15:08.297", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-16 21:15
Modified
2024-11-21 07:18
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| PSIRT@rockwellautomation.com | https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757 | Permissions Required, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rockwellautomation | compactlogix_5370_firmware | * | |
| rockwellautomation | compactlogix_5370 | - | |
| rockwellautomation | compact_guardlogix_5370_firmware | * | |
| rockwellautomation | compact_guardlogix_5370 | - | |
| rockwellautomation | compact_guardlogix_5380_firmware | * | |
| rockwellautomation | compact_guardlogix_5380 | - | |
| rockwellautomation | controllogix_5570_firmware | * | |
| rockwellautomation | controllogix_5570 | - | |
| rockwellautomation | controllogix_5570_redundancy_firmware | * | |
| rockwellautomation | controllogix_5570_redundancy | - | |
| rockwellautomation | guardlogix_5570_firmware | * | |
| rockwellautomation | guardlogix_5570 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5370_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2EFE566E-F923-4357-9A81-CF80C9781460", versionEndIncluding: "33", versionStartIncluding: "20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5370:-:*:*:*:*:*:*:*", matchCriteriaId: "E12ADAE3-97B1-48BC-BE69-ED75667C1886", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F56AE05D-6230-4540-B57D-F04ADC4AF81E", versionEndIncluding: "33", versionStartIncluding: "28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*", matchCriteriaId: "6F951670-AF4D-4429-8BC1-79BDEF83B2C3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFA0CB3-AAF6-4E96-B341-EA9EC76FB1EB", versionEndIncluding: "33", versionStartIncluding: "28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*", matchCriteriaId: "62414E65-73C7-4172-B7BF-F40A66AFBB90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E926CC52-8EBD-4B0B-86EF-0815028D5422", versionEndIncluding: "33", versionStartIncluding: "20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*", matchCriteriaId: "482E2CD6-D484-486C-92F4-18432D107E30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:controllogix_5570_redundancy_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AD1093B1-FA26-4EC5-8B47-34162E2F1645", versionEndIncluding: "33", versionStartIncluding: "20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:controllogix_5570_redundancy:-:*:*:*:*:*:*:*", matchCriteriaId: "EF7B47C6-086E-45B2-A434-494379C4A0CC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "297151D4-F4AE-4D52-B1BD-82BF13DD4228", versionEndIncluding: "33", versionStartIncluding: "20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*", matchCriteriaId: "321AE938-192A-4342-8608-ADC81F0B6582", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nA vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). \n\n", }, { lang: "es", value: "Existe una vulnerabilidad en los controladores de Rockwell Automation que permite que una solicitud CIP con formato incorrecto cause una falla mayor no recuperable (MNRF) y una condición de Denegación de Servicio (DoS) (DOS).", }, ], id: "CVE-2022-3157", lastModified: "2024-11-21T07:18:56.780", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "PSIRT@rockwellautomation.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-16T21:15:08.797", references: [ { source: "PSIRT@rockwellautomation.com", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757", }, ], sourceIdentifier: "PSIRT@rockwellautomation.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "PSIRT@rockwellautomation.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-02 14:15
Modified
2024-11-21 06:41
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559 | Permissions Required, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rockwellautomation | compactlogix_5380_firmware | * | |
| rockwellautomation | compactlogix_5380 | - | |
| rockwellautomation | compact_guardlogix_5380_firmware | * | |
| rockwellautomation | compact_guardlogix_5380 | - | |
| rockwellautomation | compactlogix_5480_firmware | * | |
| rockwellautomation | compactlogix_5480 | - | |
| rockwellautomation | controllogix_5580_firmware | * | |
| rockwellautomation | controllogix_5580 | - | |
| rockwellautomation | guardlogix_5580_firmware | * | |
| rockwellautomation | guardlogix_5580 | - | |
| rockwellautomation | compactlogix_5370_firmware | * | |
| rockwellautomation | compactlogix_5370 | - | |
| rockwellautomation | compact_guardlogix_5370_firmware | * | |
| rockwellautomation | compact_guardlogix_5370 | - | |
| rockwellautomation | controllogix_5570_firmware | * | |
| rockwellautomation | controllogix_5570 | - | |
| rockwellautomation | guardlogix_5570_firmware | * | |
| rockwellautomation | guardlogix_5570 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "838C4369-238B-4611-8DC5-8B23908D47F1", versionEndExcluding: "33.011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*", matchCriteriaId: "EDD040ED-B44C-47D0-B4D4-729C378C4F68", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F3BFF9BD-BF59-4310-A0D3-43392E3AD6B9", versionEndExcluding: "33.011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*", matchCriteriaId: "62414E65-73C7-4172-B7BF-F40A66AFBB90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E407DFE-FF4B-4D8B-8C85-92FC8FA3796C", versionEndExcluding: "33.011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*", matchCriteriaId: "80F4F5BE-07DF-402A-BF98-34FBA6A11968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3AA82CCD-EEA6-49F2-877F-0D84994BA7EA", versionEndExcluding: "33.011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*", matchCriteriaId: "51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FEBAB166-7A61-45BB-9935-C06527869F83", versionEndExcluding: "33.011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*", matchCriteriaId: "006B7683-9FDF-4748-BA28-2EA22613E092", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5370_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C85EB0F-473A-423A-BDFC-741F6C0E1C0E", versionEndExcluding: "34.011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5370:-:*:*:*:*:*:*:*", matchCriteriaId: "E12ADAE3-97B1-48BC-BE69-ED75667C1886", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C6D1A405-1F45-44DD-91A6-49405CF36FEE", versionEndExcluding: "34.011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*", matchCriteriaId: "6F951670-AF4D-4429-8BC1-79BDEF83B2C3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "68F0DF87-03BF-40D5-B6D0-95F9F4FA19EE", versionEndExcluding: "34.011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*", matchCriteriaId: "482E2CD6-D484-486C-92F4-18432D107E30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "40DCFACD-B0E8-48DF-9945-B61CB8DDE7E8", versionEndExcluding: "34.011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*", matchCriteriaId: "321AE938-192A-4342-8608-ADC81F0B6582", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.", }, { lang: "es", value: "Un mensaje de protocolo industrial común de clase 3 malformado con una conexión en caché puede causar una condición de denegación de servicio en los controladores Logix de Rockwell Automation, lo que resulta en una falla importante no recuperable. Si el dispositivo de destino deja de estar disponible, un usuario tendría que borrar el fallo y volver a descargar el archivo de proyecto del usuario para que el dispositivo vuelva a estar en línea", }, ], id: "CVE-2022-1797", lastModified: "2024-11-21T06:41:29.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 4, source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-02T14:15:33.287", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559", }, { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "ics-cert@hq.dhs.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-11 20:15
Modified
2024-11-21 06:40
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rockwellautomation | compactlogix_1768-l43_firmware | * | |
| rockwellautomation | compactlogix_1768-l43 | - | |
| rockwellautomation | compactlogix_1768-l45_firmware | * | |
| rockwellautomation | compactlogix_1768-l45 | - | |
| rockwellautomation | compactlogix_1769-l31_firmware | * | |
| rockwellautomation | compactlogix_1769-l31 | - | |
| rockwellautomation | compactlogix_1769-l32c_firmware | * | |
| rockwellautomation | compactlogix_1769-l32c | - | |
| rockwellautomation | compactlogix_1769-l32e_firmware | * | |
| rockwellautomation | compactlogix_1769-l32e | - | |
| rockwellautomation | compactlogix_1769-l35cr_firmware | * | |
| rockwellautomation | compactlogix_1769-l35cr | - | |
| rockwellautomation | compactlogix_1769-l35e_firmware | * | |
| rockwellautomation | compactlogix_1769-l35e | - | |
| rockwellautomation | compactlogix_5370_l3_firmware | * | |
| rockwellautomation | compactlogix_5370_l3 | - | |
| rockwellautomation | compactlogix_5370_l2_firmware | * | |
| rockwellautomation | compactlogix_5370_l2 | - | |
| rockwellautomation | compactlogix_5370_l1_firmware | * | |
| rockwellautomation | compactlogix_5370_l1 | - | |
| rockwellautomation | compactlogix_5380_firmware | * | |
| rockwellautomation | compactlogix_5380 | - | |
| rockwellautomation | compactlogix_5480_firmware | * | |
| rockwellautomation | compactlogix_5480 | - | |
| rockwellautomation | compact_guardlogix_5370_firmware | * | |
| rockwellautomation | compact_guardlogix_5370 | - | |
| rockwellautomation | compact_guardlogix_5380_firmware | * | |
| rockwellautomation | compact_guardlogix_5380 | - | |
| rockwellautomation | controllogix_5550_firmware | * | |
| rockwellautomation | controllogix_5550 | - | |
| rockwellautomation | controllogix_5560_firmware | * | |
| rockwellautomation | controllogix_5560 | - | |
| rockwellautomation | controllogix_5570_firmware | * | |
| rockwellautomation | controllogix_5570 | - | |
| rockwellautomation | controllogix_5580_firmware | * | |
| rockwellautomation | controllogix_5580 | - | |
| rockwellautomation | guardlogix_5560_firmware | * | |
| rockwellautomation | guardlogix_5560 | - | |
| rockwellautomation | guardlogix_5570_firmware | * | |
| rockwellautomation | guardlogix_5570 | - | |
| rockwellautomation | guardlogix_5580_firmware | * | |
| rockwellautomation | guardlogix_5580 | - | |
| rockwellautomation | flexlogix_1794-l34_firmware | * | |
| rockwellautomation | flexlogix_1794-l34 | - | |
| rockwellautomation | drivelogix_5730_firmware | * | |
| rockwellautomation | drivelogix_5730 | - | |
| rockwellautomation | softlogix_5800_firmware | * | |
| rockwellautomation | softlogix_5800 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_1768-l43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5902C3FA-4EBC-4F52-A0A6-17530215BBC2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_1768-l43:-:*:*:*:*:*:*:*", matchCriteriaId: "500CCE0E-688A-4077-BE1A-0EA14E09EDC5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_1768-l45_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E72AC0D0-1DE8-4224-A377-7CD91B935A73", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_1768-l45:-:*:*:*:*:*:*:*", matchCriteriaId: "DBC58246-9865-463E-B728-E2C408ACB326", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_1769-l31_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8208B8AB-F0D1-4D83-A659-5A8E54923773", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_1769-l31:-:*:*:*:*:*:*:*", matchCriteriaId: "25C24363-B2E4-4F3A-BB18-7C57A0329141", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_1769-l32c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "333841E4-E187-49F0-A58E-613E7DEC4567", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_1769-l32c:-:*:*:*:*:*:*:*", matchCriteriaId: "1424AA33-EED1-45B4-859A-C2E02EE5B117", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_1769-l32e_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3931B5BF-BBF4-456B-ACC6-71FF740812DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_1769-l32e:-:*:*:*:*:*:*:*", matchCriteriaId: "349841AF-C1A1-4C8D-BCF7-8A11FBBBABC3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_1769-l35cr_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C96F688C-228D-4524-A16F-EFB036A149A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_1769-l35cr:-:*:*:*:*:*:*:*", matchCriteriaId: "4D6FC91A-B6D9-4438-AF29-258ABD198526", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_1769-l35e_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9FA8DFA8-3248-49B1-9A2F-823BAD328E1C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_1769-l35e:-:*:*:*:*:*:*:*", matchCriteriaId: "A9FABB28-BDEE-4C64-BE22-1A594FA612AA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F8781D41-3B6E-4738-B56A-779B33F91583", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:*", matchCriteriaId: "52C2F377-6F0D-4752-A4A3-C40604A8575D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "60F4218A-EB8E-41AB-B6D2-6FA1C5F4DBE2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:*", matchCriteriaId: "65092726-5567-488C-9E32-DC42D34E111D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1AA11CE3-CAF7-4236-BBBA-B0720CF9671E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:*", matchCriteriaId: "848B3145-24E4-445B-958A-4C3F84C4546C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D6164C08-2D51-4926-8724-DBB6F15AFF8E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*", matchCriteriaId: "EDD040ED-B44C-47D0-B4D4-729C378C4F68", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB52219D-FA84-436A-9985-CC213FB0CA8E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*", matchCriteriaId: "80F4F5BE-07DF-402A-BF98-34FBA6A11968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A99E2DE7-50DA-46D3-AF60-BD38A81FAE55", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*", matchCriteriaId: "6F951670-AF4D-4429-8BC1-79BDEF83B2C3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F84096B0-5D14-408A-ACB6-E16B23D01DB5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*", matchCriteriaId: "62414E65-73C7-4172-B7BF-F40A66AFBB90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:controllogix_5550_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AC2014EF-C7B4-4BA7-A8A2-63FFECA51F74", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:controllogix_5550:-:*:*:*:*:*:*:*", matchCriteriaId: "13EE2216-F25F-44AB-A167-4EEA153C8F8D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:controllogix_5560_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ED54702B-BB6F-423A-9B6E-2A009616F779", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:controllogix_5560:-:*:*:*:*:*:*:*", matchCriteriaId: "EA25FF8D-51C5-4928-9B90-E4BD1476F50B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02588718-A3D7-4FC5-B336-BFE9C9DD099D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*", matchCriteriaId: "482E2CD6-D484-486C-92F4-18432D107E30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D1B751BB-5C55-46BD-A15D-CCCA9699FC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*", matchCriteriaId: "51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:guardlogix_5560_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3CC3C22D-9FB4-4492-8907-8396A182D300", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:guardlogix_5560:-:*:*:*:*:*:*:*", matchCriteriaId: "7A42D9BC-9468-479A-873D-52175687FCBD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "19C8A074-6DAF-45F6-8AE0-D004ECDCF80A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*", matchCriteriaId: "321AE938-192A-4342-8608-ADC81F0B6582", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1829B090-7E73-4712-8235-F4C8D53D229F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*", matchCriteriaId: "006B7683-9FDF-4748-BA28-2EA22613E092", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:flexlogix_1794-l34_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7CA46037-9030-449F-ADEE-B4428E3A0CAF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:flexlogix_1794-l34:-:*:*:*:*:*:*:*", matchCriteriaId: "00F74EB3-FF64-471A-9380-8415516B4683", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:drivelogix_5730_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D6D20542-BA18-43AE-9CD7-8DB9F1B069AD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:drivelogix_5730:-:*:*:*:*:*:*:*", matchCriteriaId: "03E185C3-17CA-4E3F-863B-9F906C5C59EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:softlogix_5800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5EF194E8-E858-43F2-AC60-5AD722973B86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:softlogix_5800:-:*:*:*:*:*:*:*", matchCriteriaId: "BDAB7B6D-CCAC-460B-8A88-3397A2397078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.", }, { lang: "es", value: "Un atacante con la capacidad de modificar un programa de usuario puede cambiar el código del programa de usuario en algunos sistemas ControlLogix, CompactLogix y GuardLogix Control. Studio 5000 Logix Designer escribe el código del programa legible por el usuario en una ubicación distinta a la del código compilado ejecutado, permitiendo a un atacante cambiar uno y no el otro", }, ], id: "CVE-2022-1161", lastModified: "2024-11-21T06:40:09.667", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 6, source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-11T20:15:18.017", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-829", }, ], source: "ics-cert@hq.dhs.gov", type: "Primary", }, ], }