Lucene search

K
cve[email protected]CVE-2022-3157
HistoryDec 16, 2022 - 9:15 p.m.

CVE-2022-3157

2022-12-1621:15:08
CWE-20
web.nvd.nist.gov
39
cve-2022-3157
vulnerability
rockwell automation
controllers
major non-recoverable fault
denial-of-service
nvd

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

25.0%

A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).

Affected configurations

NVD
Node
rockwellautomationcompactlogix_5370Match-
AND
rockwellautomationcompactlogix_5370_firmwareRange2033
Node
rockwellautomationcompact_guardlogix_5370Match-
AND
rockwellautomationcompact_guardlogix_5370_firmwareRange2833
Node
rockwellautomationcompact_guardlogix_5380Match-
AND
rockwellautomationcompact_guardlogix_5380_firmwareRange2833
Node
rockwellautomationcontrollogix_5570Match-
AND
rockwellautomationcontrollogix_5570_firmwareRange2033
Node
rockwellautomationcontrollogix_5570_redundancyMatch-
AND
rockwellautomationcontrollogix_5570_redundancy_firmwareRange2033
Node
rockwellautomationguardlogix_5570Match-
AND
rockwellautomationguardlogix_5570_firmwareRange2033

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CompactLogix 5370",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "lessThanOrEqual": "33",
        "status": "affected",
        "version": "20",
        "versionType": "Major"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Compact GuardLogix",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "lessThanOrEqual": "33",
        "status": "affected",
        "version": "28",
        "versionType": "Major"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ControlLogix 5570",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "lessThanOrEqual": "33",
        "status": "affected",
        "version": "20",
        "versionType": "Major"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ControlLogix 5570 Redundancy",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "lessThanOrEqual": "33",
        "status": "affected",
        "version": "20",
        "versionType": "Major"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GuardLogix 5570",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "lessThanOrEqual": "33",
        "status": "affected",
        "version": "20",
        "versionType": "Major"
      }
    ]
  }
]

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

25.0%

Related for CVE-2022-3157