CVE-2022-3752

Published: Dec 19, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.

Affected (5)

Products: Rockwellautomation: Compactlogix 5480 Firmware, Compactlogix 5580 Firmware, Guardlogix 5580 Firmware, Compact Guardlogix 5380 Firmware, Compactlogix 5380 Firmware

Rockwellautomation

5 products

Compactlogix 5480 Firmware

Compactlogix 5580 Firmware

Guardlogix 5580 Firmware

Compact Guardlogix 5380 Firmware

Compactlogix 5380 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 5480 Firmware	From 32.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 5480	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 5580 Firmware	From 31.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 5580	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Guardlogix 5580 Firmware	From 32.011

Running on/with	Platform Versions
Rockwellautomation Guardlogix 5580	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compact Guardlogix 5380 Firmware	From 31.011

Running on/with	Platform Versions
Rockwellautomation Compact Guardlogix 5380	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 5380 Firmware	From 31.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 5380	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137664

Source: PSIRT@rockwellautomation.com

Permissions RequiredVendor Advisory

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137664

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.