CVE-2022-3157

Published: Dec 16, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).

Affected (6)

Products: Rockwellautomation: Compactlogix 5370 Firmware, Compact Guardlogix 5370 Firmware, Compact Guardlogix 5380 Firmware, Controllogix 5570 Firmware, Controllogix 5570 Redundancy Firmware, Guardlogix 5570 Firmware

Rockwellautomation

6 products

Compactlogix 5370 Firmware

Compact Guardlogix 5370 Firmware

Compact Guardlogix 5380 Firmware

Controllogix 5570 Firmware

Controllogix 5570 Redundancy Firmware

Guardlogix 5570 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 5370 Firmware	From 20 to 33

Running on/with	Platform Versions
Rockwellautomation Compactlogix 5370	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compact Guardlogix 5370 Firmware	From 28 to 33

Running on/with	Platform Versions
Rockwellautomation Compact Guardlogix 5370	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compact Guardlogix 5380 Firmware	From 28 to 33

Running on/with	Platform Versions
Rockwellautomation Compact Guardlogix 5380	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Controllogix 5570 Firmware	From 20 to 33

Running on/with	Platform Versions
Rockwellautomation Controllogix 5570	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Controllogix 5570 Redundancy Firmware	From 20 to 33

Running on/with	Platform Versions
Rockwellautomation Controllogix 5570 Redundancy	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Guardlogix 5570 Firmware	From 20 to 33

Running on/with	Platform Versions
Rockwellautomation Guardlogix 5570	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757

Source: PSIRT@rockwellautomation.com

Permissions RequiredVendor Advisory

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.