← Back

CVE-2022-1797

nvd nist
Published: Jun 2, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.6
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 4.0
Source: NVD

Description

A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.

Affected (9)

Rockwellautomation
9 products
Compactlogix 5380 Firmware
Compact Guardlogix 5380 Firmware
Compactlogix 5480 Firmware
Controllogix 5580 Firmware
Guardlogix 5580 Firmware
Compactlogix 5370 Firmware
Compact Guardlogix 5370 Firmware
Controllogix 5570 Firmware
Guardlogix 5570 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compactlogix 5380 Firmware
Before 33.011
Running on/withPlatform Versions
Rockwellautomation
Compactlogix 5380
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compact Guardlogix 5380 Firmware
Before 33.011
Running on/withPlatform Versions
Rockwellautomation
Compact Guardlogix 5380
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compactlogix 5480 Firmware
Before 33.011
Running on/withPlatform Versions
Rockwellautomation
Compactlogix 5480
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Controllogix 5580 Firmware
Before 33.011
Running on/withPlatform Versions
Rockwellautomation
Controllogix 5580
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Guardlogix 5580 Firmware
Before 33.011
Running on/withPlatform Versions
Rockwellautomation
Guardlogix 5580
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compactlogix 5370 Firmware
Before 34.011
Running on/withPlatform Versions
Rockwellautomation
Compactlogix 5370
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compact Guardlogix 5370 Firmware
Before 34.011
Running on/withPlatform Versions
Rockwellautomation
Compact Guardlogix 5370
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Controllogix 5570 Firmware
Before 34.011
Running on/withPlatform Versions
Rockwellautomation
Controllogix 5570
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Guardlogix 5570 Firmware
Before 34.011
Running on/withPlatform Versions
Rockwellautomation
Guardlogix 5570
All versions

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

Source: ics-cert@hq.dhs.gov
Permissions RequiredVendor Advisory
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.