CVE-2022-3156

Published: Dec 27, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.

Affected (1)

Products: Rockwellautomation: Studio 5000 Logix Emulate

Rockwellautomation

1 product

Studio 5000 Logix Emulate

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rockwellautomation Studio 5000 Logix Emulate	From 20.011 to 34.00

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846

Source: PSIRT@rockwellautomation.com

Vendor Advisory

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.