Lucene search

[email protected]CVE-2022-1161

HistoryApr 11, 2022 - 8:15 p.m.

CVE-2022-1161

2022-04-1120:15:18

CWE-829

[email protected]

web.nvd.nist.gov

cve-2022-1161

attacker

user program code

controllogix

compactlogix

guardlogix control systems

studio 5000 logix designer

nvd.

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

41.5%

JSON

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.

Affected configurations

NVD

Node

rockwellautomationcompactlogix_1768-l43Match-

AND

rockwellautomationcompactlogix_1768-l43_firmware

Node

rockwellautomationcompactlogix_1768-l45Match-

AND

rockwellautomationcompactlogix_1768-l45_firmware

Node

rockwellautomationcompactlogix_1769-l31Match-

AND

rockwellautomationcompactlogix_1769-l31_firmware

Node

rockwellautomationcompactlogix_1769-l32cMatch-

AND

rockwellautomationcompactlogix_1769-l32c_firmware

Node

rockwellautomationcompactlogix_1769-l32eMatch-

AND

rockwellautomationcompactlogix_1769-l32e_firmware

Node

rockwellautomationcompactlogix_1769-l35crMatch-

AND

rockwellautomationcompactlogix_1769-l35cr_firmware

Node

rockwellautomationcompactlogix_1769-l35eMatch-

AND

rockwellautomationcompactlogix_1769-l35e_firmware

Node

rockwellautomationcompactlogix_5370_l3Match-

AND

rockwellautomationcompactlogix_5370_l3_firmware

Node

rockwellautomationcompactlogix_5370_l2_firmware

AND

rockwellautomationcompactlogix_5370_l2Match-

Node

rockwellautomationcompactlogix_5370_l1_firmware

AND

rockwellautomationcompactlogix_5370_l1Match-

Node

rockwellautomationcompactlogix_5380_firmware

AND

rockwellautomationcompactlogix_5380Match-

Node

rockwellautomationcompactlogix_5480_firmware

AND

rockwellautomationcompactlogix_5480Match-

Node

rockwellautomationcompact_guardlogix_5370_firmware

AND

rockwellautomationcompact_guardlogix_5370Match-

Node

rockwellautomationcompact_guardlogix_5380_firmware

AND

rockwellautomationcompact_guardlogix_5380Match-

Node

rockwellautomationcontrollogix_5550_firmware

AND

rockwellautomationcontrollogix_5550Match-

Node

rockwellautomationcontrollogix_5560_firmware

AND

rockwellautomationcontrollogix_5560Match-

Node

rockwellautomationcontrollogix_5570_firmware

AND

rockwellautomationcontrollogix_5570Match-

Node

rockwellautomationcontrollogix_5580_firmware

AND

rockwellautomationcontrollogix_5580Match-

Node

rockwellautomationguardlogix_5560_firmware

AND

rockwellautomationguardlogix_5560Match-

Node

rockwellautomationguardlogix_5570_firmware

AND

rockwellautomationguardlogix_5570Match-

Node

rockwellautomationguardlogix_5580_firmware

AND

rockwellautomationguardlogix_5580Match-

Node

rockwellautomationflexlogix_1794-l34_firmware

AND

rockwellautomationflexlogix_1794-l34Match-

Node

rockwellautomationdrivelogix_5730_firmware

AND

rockwellautomationdrivelogix_5730Match-

Node

rockwellautomationsoftlogix_5800_firmware

AND

rockwellautomationsoftlogix_5800Match-

CPENameOperatorVersion
rockwellautomation:compactlogix_1768-l43_firmwarerockwellautomation compactlogix 1768-l43 firmwareeq*

CPE	Name	Operator	Version
rockwellautomation:compactlogix_1768-l43_firmware	rockwellautomation compactlogix 1768-l43 firmware	eq	*

CNA Affected

[
  {
    "product": "1768 CompactLogix controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "All all"
      }
    ]
  },
  {
    "product": "1769 CompactLogix controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "CompactLogix 5370 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "CompactLogix 5380 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "CompactLogix 5480 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "Compact GuardLogix 5370 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "Compact GuardLogix 5380 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "ControlLogix 5550 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "ControlLogix 5560 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "ControlLogix 5570 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "ControlLogix 5580 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "GuardLogix 5560 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "GuardLogix 5570 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "GuardLogix 5580 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "FlexLogix 1794-L34 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "DriveLogix 5730 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "product": "SoftLogix 5800 controllers",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-090-05

Social References

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

41.5%

JSON

Related for CVE-2022-1161

nessus1 nvd1 ics1 cvelist1 prion1 thn2