IcscertCVELIST:CVE-2022-1161CVE-2022-1161 ICSA-22-090-05 Rockwell Automation Logix Controllers
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
41.5%
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.
CNA Affected
[
{
"product": "1768 CompactLogix controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All all"
}
]
},
{
"product": "1769 CompactLogix controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "CompactLogix 5370 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "CompactLogix 5380 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "CompactLogix 5480 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "Compact GuardLogix 5370 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "Compact GuardLogix 5380 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "ControlLogix 5550 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "ControlLogix 5560 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "ControlLogix 5570 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "ControlLogix 5580 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "GuardLogix 5560 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "GuardLogix 5570 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "GuardLogix 5580 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "FlexLogix 1794-L34 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "DriveLogix 5730 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "SoftLogix 5800 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
41.5%