CVE-2022-1161
CVSS 3.1 base score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a location separate from the executed compiled code, allowing an attacker to change one and not the other.
Affected (24)
Products: Rockwellautomation: Compactlogix 1768 L43 Firmware, Compactlogix 1768 L45 Firmware, Compactlogix 1769 L31 Firmware, Compactlogix 1769 L32c Firmware, Compactlogix 1769 L32e Firmware, Compactlogix 1769 L35cr Firmware, Compactlogix 1769 L35e Firmware, Compactlogix 5370 L3 Firmware, Compactlogix 5370 L2 Firmware, Compactlogix 5370 L1 Firmware, Compactlogix 5380 Firmware, Compactlogix 5480 Firmware, Compact Guardlogix 5370 Firmware, Compact Guardlogix 5380 Firmware, Controllogix 5550 Firmware, Controllogix 5560 Firmware, Controllogix 5570 Firmware, Controllogix 5580 Firmware, Guardlogix 5560 Firmware, Guardlogix 5570 Firmware, Guardlogix 5580 Firmware, Flexlogix 1794 L34 Firmware, Drivelogix 5730 Firmware, Softlogix 5800 Firmware
| Configuration | Vulnerable Software | Affected Versions | Running on/with | Platform Versions |
|---|---|---|---|---|
| A | Rockwellautomation Compactlogix 1768 L43 Firmware | All versions | Rockwellautomation Compactlogix 1768 L43 | All versions |
| B | Rockwellautomation Compactlogix 1768 L45 Firmware | All versions | Rockwellautomation Compactlogix 1768 L45 | All versions |
| C | Rockwellautomation Compactlogix 1769 L31 Firmware | All versions | Rockwellautomation Compactlogix 1769 L31 | All versions |
| D | Rockwellautomation Compactlogix 1769 L32c Firmware | All versions | Rockwellautomation Compactlogix 1769 L32c | All versions |
| E | Rockwellautomation Compactlogix 1769 L32e Firmware | All versions | Rockwellautomation Compactlogix 1769 L32e | All versions |
| F | Rockwellautomation Compactlogix 1769 L35cr Firmware | All versions | Rockwellautomation Compactlogix 1769 L35cr | All versions |
| G | Rockwellautomation Compactlogix 1769 L35e Firmware | All versions | Rockwellautomation Compactlogix 1769 L35e | All versions |
| H | Rockwellautomation Compactlogix 5370 L3 Firmware | All versions | Rockwellautomation Compactlogix 5370 L3 | All versions |
| I | Rockwellautomation Compactlogix 5370 L2 Firmware | All versions | Rockwellautomation Compactlogix 5370 L2 | All versions |
| J | Rockwellautomation Compactlogix 5370 L1 Firmware | All versions | Rockwellautomation Compactlogix 5370 L1 | All versions |
| K | Rockwellautomation Compactlogix 5380 Firmware | All versions | Rockwellautomation Compactlogix 5380 | All versions |
| L | Rockwellautomation Compactlogix 5480 Firmware | All versions | Rockwellautomation Compactlogix 5480 | All versions |
| M | Rockwellautomation Compact Guardlogix 5370 Firmware | All versions | Rockwellautomation Compact Guardlogix 5370 | All versions |
| N | Rockwellautomation Compact Guardlogix 5380 Firmware | All versions | Rockwellautomation Compact Guardlogix 5380 | All versions |
| O | Rockwellautomation Controllogix 5550 Firmware | All versions | Rockwellautomation Controllogix 5550 | All versions |
| P | Rockwellautomation Controllogix 5560 Firmware | All versions | Rockwellautomation Controllogix 5560 | All versions |
| Q | Rockwellautomation Controllogix 5570 Firmware | All versions | Rockwellautomation Controllogix 5570 | All versions |
| R | Rockwellautomation Controllogix 5580 Firmware | All versions | Rockwellautomation Controllogix 5580 | All versions |
| S | Rockwellautomation Guardlogix 5560 Firmware | All versions | Rockwellautomation Guardlogix 5560 | All versions |
| T | Rockwellautomation Guardlogix 5570 Firmware | All versions | Rockwellautomation Guardlogix 5570 | All versions |
| U | Rockwellautomation Guardlogix 5580 Firmware | All versions | Rockwellautomation Guardlogix 5580 | All versions |
| V | Rockwellautomation Flexlogix 1794 L34 Firmware | All versions | Rockwellautomation Flexlogix 1794 L34 | All versions |
| W | Rockwellautomation Drivelogix 5730 Firmware | All versions | Rockwellautomation Drivelogix 5730 | All versions |
| X | Rockwellautomation Softlogix 5800 Firmware | All versions | Rockwellautomation Softlogix 5800 | All versions |
References (2)
Source: ics-cert@hq.dhs.gov
Third Party Advisory, US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory, US Government Resource